Dragon-Knight/public/admin.php

<?php

// admin.php :: primary administration script.

require_once '../src/lib.php';

if (!file_exists('../.installed')) redirect('install.php');

$controlrow = get_control_row();

// Login (or verify) if not logged in.
if (($userrow = checkcookies()) === false) {
    if (isset($_GET['do']) && $_GET['do'] === 'verify') redirect('users.php?do=verify');
	redirect('/login');
}

if ($userrow["authlevel"] !== 1) exit("You must have administrator privileges to use the control panel.");

$do = explode(':', $_GET['do'] ?? '');
match ($do[0]) {
	'main'        => primary(),
	'items'       => items(),
	'edititem'    => edititem($do[1]),
	'drops'       => drops(),
	'editdrop'    => editdrop($do[1]),
	'towns'       => towns(),
	'edittown'    => edittown($do[1]),
	'monsters'    => monsters(),
	'editmonster' => editmonster($do[1]),
	'levels'      => levels(),
	'editlevel'   => editlevel(),
	'spells'      => spells(),
	'editspell'   => editspell($do[1]),
	'users'       => users(),
	'edituser'    => edituser($do[1]),
	'news'        => addnews(),
	default       => donothing()
};

function donothing()
{
    $page = <<<HTML
		Welcome to the Dragon Knight Administration section. Use the links on the left bar to control and edit various
		elements of the game.
		<br><br>
		Please note that the control panel has been created mostly as a shortcut for certain individual settings. It is
		meant for use primarily with editing one thing at a time. If you need to completely replace an entire table
		(say, to replace all stock monsters with your own new ones), it is suggested that you use a more in-depth
		database tool such as <a href="http://www.phpmyadmin.net" target="_new">phpMyAdmin</a>. Also, you may want
		to have a copy of the Dragon Knight development kit, available from the
		<a href="http://dragon.se7enet.com/dev.php">Dragon Knight homepage</a>.
		<br><br>
		Also, you should be aware that certain portions of the DK code are dependent on the formatting of certain
		database results (for example, the special attributes on item drops). While I have attempted to point these out
		throughout the admin script, you should definitely pay attention and be careful when editing some fields,
		because mistakes in the database content may result in script errors or your game breaking completely.
	HTML;

    admindisplay($page, "Admin Home");
}

function primary()
{
    if (isset($_POST["submit"])) {
		$form = validate($_POST, [
			'gamename'    => ['alphanum-spaces', 'length:1-20'],
			'gamesize'    => ['int', 'min:5'],
			'class1name'  => ['alpha-spaces', 'length:1-18'],
			'class2name'  => ['alpha-spaces', 'length:1-18'],
			'class3name'  => ['alpha-spaces', 'length:1-18'],
			'gameopen'    => ['bool'],
			'verifyemail' => ['bool'],
			'shownews'    => ['bool'],
			'showonline'  => ['bool'],
			'showbabble'  => ['bool']
		]);

        if ($form['valid']) {
			$form = $form['data'];
        	if (($form['gamesize'] % 5) != 0) exit('Map size must be divisible by five.');

			db()->query('UPDATE control SET gamename=?, gamesize=?, class1name=?, class2name=?, class3name=?, gameopen=?, verifyemail=?, gameurl=?, adminemail=?, shownews=?, showonline=?, showbabble=? WHERE id=1;', [
				$form['gamename'], $form['gamesize'], $form['class1name'], $form['class1name'], $form['class1name'], $form['gameopen'], $form['verifyemail'], $form['gameurl'], $form['adminemail'], $form['shownews'], $form['showonline'], $form['showbabble']
			]);

            admindisplay("Settings updated.", "Main Settings");
        } else {
			$errorlist = ul_from_validate_errors($form['errors']);
            admindisplay("<b>Errors:</b><br><div style=\"color:red;\">$errorlist</div><br>Please go back and try again.", "Main Settings");
        }
    }

    global $controlrow;

	$page = <<<HTML
		<b><u>Main Settings</u></b><br>
		These options control several major settings for the overall game engine.<br><br>
		<form action="admin.php?do=main" method="post">
			<table width="90%">
				<tr><td width="20%"><span class="highlight">Game Open:</span></td><td><select name="gameopen"><option value="1" {{open1select}}>Open</option><option value="0" {{open0select}}>Closed</option></select><br><span class="small">Close the game if you are upgrading or working on settings and don't want to cause odd errors for end-users. Closing the game will completely halt all activity.</span></td></tr>
				<tr><td width="20%">Game Name:</td><td><input type="text" name="gamename" value="{{gamename}}" /><br><span class="small">Default is "Dragon Knight". Change this if you want to change to call your game something different.</span></td></tr>
				<tr><td width="20%">Game URL:</td><td><input type="text" name="gameurl" value="{{gameurl}}" /><br><span class="small">Please specify the full URL to your game installation ("https://www.dragonknight.com/").  This gets used in the registration email sent to users. If you leave this field blank or incorrect, users may not be able to register correctly.</span></td></tr>
				<tr><td width="20%">Admin Email:</td><td><input type="text" name="adminemail" value="{{adminemail}}" /><br><span class="small">Please specify your email address. This gets used when the game has to send an email to users.</span></td></tr>
				<tr><td width="20%">Map Size:</td><td><input type="text" name="gamesize" value="{{gamesize}}" /><br><span class="small">Default is 250. This is the size of each map quadrant. Note that monster levels increase every 5 spaces, so you should ensure that you have at least (map size / 5) monster levels total, otherwise there will be parts of the map without any monsters, or some monsters won't ever get used. Ex: with a map size of 250, you should have 50 monster levels total.</span></td></tr>
				<tr><td width="20%">Email Verification:</td><td><select name="verifyemail"><option value="0" {{selectverify0}}>Disabled</option><option value="1" {{selectverify1}}>Enabled</option></select><br><span class="small">Make users verify their email address for added security.</span></td></tr>
				<tr><td width="20%">Show News:</td><td><select name="shownews"><option value="0" {{selectnews0}}>No</option><option value="1" {{selectnews1}}>Yes</option></select><br><span class="small">Toggle display of the Latest News box in towns.</td></tr>
				<tr><td width="20%">Show Who's Online:</td><td><select name="showonline"><option value="0" {{selectonline0}}>No</option><option value="1" {{selectonline1}}>Yes</option></select><br><span class="small">Toggle display of the Who's Online box in towns.</span></td></tr>
				<tr><td width="20%">Show Babblebox:</td><td><select name="showbabble"><option value="0" {{selectbabble0}}>No</option><option value="1" {{selectbabble1}}>Yes</option></select><br><span class="small">Toggle display of the Babble Box in towns.</span></td></tr>
				<tr><td width="20%">Class 1 Name:</td><td><input type="text" name="class1name" value="{{class1name}}" /><br></td></tr>
				<tr><td width="20%">Class 2 Name:</td><td><input type="text" name="class2name" value="{{class2name}}" /><br></td></tr>
				<tr><td width="20%">Class 3 Name:</td><td><input type="text" name="class3name" value="{{class3name}}" /><br></td></tr>
			</table>
			<input type="submit" name="submit" value="Submit"> <input type="reset" name="reset" value="Reset">
		</form>
	HTML;

    if ($controlrow["verifyemail"] == 0) { $controlrow["selectverify0"] = "selected=\"selected\" "; } else { $controlrow["selectverify0"] = ""; }
    if ($controlrow["verifyemail"] == 1) { $controlrow["selectverify1"] = "selected=\"selected\" "; } else { $controlrow["selectverify1"] = ""; }
    if ($controlrow["shownews"] == 0) { $controlrow["selectnews0"] = "selected=\"selected\" "; } else { $controlrow["selectnews0"] = ""; }
    if ($controlrow["shownews"] == 1) { $controlrow["selectnews1"] = "selected=\"selected\" "; } else { $controlrow["selectnews1"] = ""; }
    if ($controlrow["showonline"] == 0) { $controlrow["selectonline0"] = "selected=\"selected\" "; } else { $controlrow["selectonline0"] = ""; }
    if ($controlrow["showonline"] == 1) { $controlrow["selectonline1"] = "selected=\"selected\" "; } else { $controlrow["selectonline1"] = ""; }
    if ($controlrow["showbabble"] == 0) { $controlrow["selectbabble0"] = "selected=\"selected\" "; } else { $controlrow["selectbabble0"] = ""; }
    if ($controlrow["showbabble"] == 1) { $controlrow["selectbabble1"] = "selected=\"selected\" "; } else { $controlrow["selectbabble1"] = ""; }
    if ($controlrow["gameopen"] == 1) { $controlrow["open1select"] = "selected=\"selected\" "; } else { $controlrow["open1select"] = ""; }
    if ($controlrow["gameopen"] == 0) { $controlrow["open0select"] = "selected=\"selected\" "; } else { $controlrow["open0select"] = ""; }

    admindisplay(parsetemplate($page, $controlrow), "Main Settings");
}

function items()
{
	$items = db()->query('SELECT id, name FROM items ORDER BY id;');
    $page = "<b><u>Edit Items</u></b><br>Click an item's name to edit it.<br><br><table width=\"50%\">\n";

	$hasItems = false;
    while ($row = $items->fetchArray(SQLITE3_BOTH)) {
		$hasItems = true;
        $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">".$row["id"]."</td><td style=\"background-color: #eeeeee;\"><a href=\"admin.php?do=edititem:".$row["id"]."\">".$row["name"]."</a></td></tr>\n";
    }

    if (!$hasItems) $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No items found.</td></tr>\n";
    admindisplay($page . "</table>", "Edit Items");
}

function edititem($id)
{
    if (isset($_POST["submit"])) {
        $errors = [];
		$n = trim($_POST['name'] ?? '');
		$bc = (int) trim($_POST['buycost'] ?? 0);
		$a = (int) trim($_POST['attribute'] ?? 0);
		$s = trim($_POST['special'] ?? 'X');

        if (empty($n)) $errors[] = "Name is required.";
		if (!is_int($bc) || !($bc >= 0)) $errors[] = 'Cost must be a number greater than or equal to 0.';
		if (!is_int($a)) $errors[] = 'Attribute must be a number.';

        if (count($errors) === 0) {
			db()->query('UPDATE items SET name=?, type=?, buycost=?, attribute=?, special=? WHERE id=?;', [
				$n, $_POST['type'] ?? 0, $bc, $a, $s, $id
			]);
            admindisplay("Item updated.","Edit Items");
        } else {
			$errorlist = implode('<br>', $errors);
            admindisplay("<b>Errors:</b><br><div style=\"color:red;\">$errorlist</div><br>Please go back and try again.", "Edit Items");
        }
    }

	$item = get_item($id);

	$page = <<<HTML
		<b><u>Edit Items</u></b><br><br>
		<form action="admin.php?do=edititem:$id" method="post">
			<table width="90%">
				<tr><td width="20%">ID:</td><td>{{id}}</td></tr>
				<tr><td width="20%">Name:</td><td><input type="text" name="name" value="{{name}}" /></td></tr>
				<tr><td width="20%">Type:</td><td><select name="type"><option value="1" {{type1select}}>Weapon</option><option value="2" {{type2select}}>Armor</option><option value="3" {{type3select}}>Shield</option></select></td></tr>
				<tr><td width="20%">Cost:</td><td><input type="text" name="buycost" value="{{buycost}}" /> gold</td></tr>
				<tr><td width="20%">Attribute:</td><td><input type="text" name="attribute" value="{{attribute}}" /><br><span class="small">How much the item adds to total attackpower (weapons) or defensepower (armor/shields).</span></td></tr>
				<tr><td width="20%">Special:</td><td><input type="text" name="special" value="{{special}}" /><br><span class="small">Should be either a special code or <span class="highlight">X</span> to disable. Edit this field very carefully because mistakes to formatting or field names can create problems in the game.</span></td></tr>
			</table>
			<input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" />
		</form>
		<b>Special Codes:</b><br>
		Special codes can be added in the item's Special field to give it extra user attributes. Special codes are in the format <span class="highlight">attribute,value</span>. <span class="highlight">Attribute</span> can be any database field from the Users table - however, it is suggested that you only use the ones from the list below, otherwise things can get freaky. <span class="highlight">Value</span> may be any positive or negative whole number. For example, if you want a weapon to give an additional 50 max hit points, the special code would be <span class="highlight">maxhp,50</span>.<br><br>
		Suggested user fields for special codes:<br>
		maxhp - max hit points<br>
		maxmp - max magic points<br>
		maxtp - max travel points<br>
		goldbonus - gold bonus, in percent<br>
		expbonus - experience bonus, in percent<br>
		strength - strength (which also adds to attackpower)<br>
		dexterity - dexterity (which also adds to defensepower)<br>
		attackpower - total attack power<br>
		defensepower - total defense power
	HTML;

    if ($item["type"] == 1) { $item["type1select"] = "selected=\"selected\" "; } else { $item["type1select"] = ""; }
    if ($item["type"] == 2) { $item["type2select"] = "selected=\"selected\" "; } else { $item["type2select"] = ""; }
    if ($item["type"] == 3) { $item["type3select"] = "selected=\"selected\" "; } else { $item["type3select"] = ""; }

    admindisplay(parsetemplate($page, $item), "Edit Items");
}

function drops()
{
    $page = "<b><u>Edit Drops</u></b><br>Click an item's name to edit it.<br><br><table width=\"50%\">\n";

	$drops = db()->query('SELECT id, name FROM drops ORDER BY id;');
	$has_drops = false;
    while ($row = $drops->fetchArray(SQLITE3_ASSOC)) {
		$has_drops = true;
        $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">".$row["id"]."</td><td style=\"background-color: #eeeeee;\"><a href=\"admin.php?do=editdrop:".$row["id"]."\">".$row["name"]."</a></td></tr>\n";
    }

    if (!$has_drops) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No drops found.</td></tr>\n"; }

    admindisplay($page . "</table>", "Edit Drops");
}

function editdrop($id)
{
    if (isset($_POST["submit"])) {
		$errors = [];

		$n  = trim($_POST['name'] ?? '');
		$ml = (int) trim($_POST['mlevel'] ?? 0);
		$a  = trim($_POST['attribute1'] ?? 'X');
		$a2 = trim($_POST['attribute2'] ?? 'X');

        if (empty($n)) $errors[] = "Name is required.";
        if (!is_int($ml) || $ml < 1) $errors[] = "Monster level is required, and must be higher than 0.";
		if (empty($a) || $a === 'X') $errors[] = 'First attribute is required.';
		if (empty($a2)) $a2 = 'X';

        if (count($errors) === 0) {
			db()->query('UPDATE drops SET name=?, mlevel=?, attribute1=?, attribute2=? WHERE id=?;', [
				$n, $ml, $a, $a2, $id
			]);
            admindisplay("Item updated.","Edit Drops");
        } else {
			$errorlist = implode('<br>', $errors);
            admindisplay("<b>Errors:</b><br><div style=\"color:red;\">$errorlist</div><br>Please go back and try again.", "Edit Drops");
        }
    }

	$drop = get_drop($id);

	$page = <<<HTML
		<b><u>Edit Drops</u></b><br><br>
		<form action="admin.php?do=editdrop:$id" method="post">
			<table width="90%">
				<tr><td width="20%">ID:</td><td>{{id}}</td></tr>
				<tr><td width="20%">Name:</td><td><input type="text" name="name" value="{{name}}" /></td></tr>
				<tr><td width="20%">Monster Level:</td><td><input type="number" name="mlevel" value="{{mlevel}}" /><br><span class="small">Minimum monster level that will drop this item.</span></td></tr>
				<tr><td width="20%">Attribute 1:</td><td><input type="text" name="attribute1" value="{{attribute1}}" /><br><span class="small">Must be a special code. First attribute cannot be disabled. Edit this field very carefully because mistakes to formatting or field names can create problems in the game.</span></td></tr>
				<tr><td width="20%">Attribute 2:</td><td><input type="text" name="attribute2" value="{{attribute2}}" /><br><span class="small">Should be either a special code or <span class="highlight">X</span> to disable. Edit this field very carefully because mistakes to formatting or field names can create problems in the game.</span></td></tr>
			</table>
			<input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" />
		</form>
		<b>Special Codes:</b><br>
		Special codes are used in the two attribute fields to give the item properties. The first attribute field must contain a special code, but the second one may be left empty ("X") if you wish. Special codes are in the format <span class="highlight">attribute,value</span>. <span class="highlight">Attribute</span> can be any database field from the Users table - however, it is suggested that you only use the ones from the list below, otherwise things can get freaky. <span class="highlight">Value</span> may be any positive or negative whole number. For example, if you want a weapon to give an additional 50 max hit points, the special code would be <span class="highlight">maxhp,50</span>.<br><br>
		Suggested user fields for special codes:<br>
		maxhp - max hit points<br>
		maxmp - max magic points<br>
		maxtp - max travel points<br>
		goldbonus - gold bonus, in percent<br>
		expbonus - experience bonus, in percent<br>
		strength - strength (which also adds to attackpower)<br>
		dexterity - dexterity (which also adds to defensepower)<br>
		attackpower - total attack power<br>
		defensepower - total defense power
	HTML;

    admindisplay(parsetemplate($page, $drop), "Edit Drops");
}

function towns()
{
    $page = "<b><u>Edit Towns</u></b><br>Click an town's name to edit it.<br><br><table width=\"50%\">\n";

	$towns = db()->query('SELECT id, name FROM towns ORDER BY id;');
	$has_towns = false;
    while ($row = $towns->fetchArray(SQLITE3_ASSOC)) {
		$has_towns = true;
        $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">".$row["id"]."</td><td style=\"background-color: #eeeeee;\"><a href=\"admin.php?do=edittown:".$row["id"]."\">".$row["name"]."</a></td></tr>\n";
    }

    if (!$has_towns) $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No towns found.</td></tr>\n";

    admindisplay($page . "</table>", "Edit Towns");
}

function edittown($id)
{
	global $controlrow;

    if (isset($_POST["submit"])) {
		$n  = trim($_POST['name'] ?? '');
		$la = (int) trim($_POST['latitude'] ?? 0);
		$lo = (int) trim($_POST['longitude'] ?? 0);
		$ip = (int) trim($_POST['innprice'] ?? 0);
		$mp = (int) trim($_POST['mapprice'] ?? 0);
		$tp = (int) trim($_POST['travelpoints'] ?? 0);
		$il = trim($_POST['itemslist'] ?? '');

		$errors = [];
		if (empty($n)) $errors[] = 'Name is required.';
        if ($la > $controlrow['gamesize'] || $la < ($controlrow['gamesize'] * -1))
			$errors[] = "Latitude must be a number and within the bounds of the game size. ({$controlrow['gamesize']}";
		if ($lo > $controlrow['gamesize'] || $la < ($controlrow['gamesize'] * -1))
			$errors[] = "Longitude must be a number and within the bounds of the game size. ({$controlrow['gamesize']}";
        if ($ip < 0) $errors[] = "Inn price must be a number greater than or equal to 0.";
        if ($mp < 0) $errors[] = "Map price must be a number greater than or equal to 0.";
        if ($tp < 0) $errors[] = "Travel points must be a number greater than or equal to 0.";

        if ($errors == 0) {
			db()->query('UPDATE towns SET name=?, latitude=?, longitude=?, innprice=?, mapprice=?, travelpoints=?, itemslist=? WHERE id=?;', [
				$n, $la, $lo, $ip, $mp, $tp, $il, $id
			]);
            admindisplay("Town updated.", "Edit Towns");
        } else {
			$errorlist = implode('<br>', $errors);
            admindisplay("<b>Errors:</b><br><div style=\"color:red;\">$errorlist</div><br>Please go back and try again.", "Edit Towns");
        }
    }

	$row = get_town_by_id($id);

	$page = <<<HTML
		<b><u>Edit Towns</u></b><br><br>
		<form action="admin.php?do=edittown:$id" method="post">
			<table width="90%">
				<tr><td width="20%">ID:</td><td>{{id}}</td></tr>
				<tr><td width="20%">Name:</td><td><input type="text" name="name" value="{{name}}" /></td></tr>
				<tr><td width="20%">Latitude:</td><td><input type="text" name="latitude" value="{{latitude}}" /><br><span class="small">Positive or negative integer.</span></td></tr>
				<tr><td width="20%">Longitude:</td><td><input type="text" name="longitude" value="{{longitude}}" /><br><span class="small">Positive or negative integer.</span></td></tr>
				<tr><td width="20%">Inn Price:</td><td><input type="text" name="innprice" value="{{innprice}}" /> gold</td></tr>
				<tr><td width="20%">Map Price:</td><td><input type="text" name="mapprice" value="{{mapprice}}" /> gold<br><span class="small">How much it costs to buy the map to this town.</span></td></tr>
				<tr><td width="20%">Travel Points:</td><td><input type="text" name="travelpoints" value="{{travelpoints}}" /><br><span class="small">How many TP are consumed when travelling to this town.</span></td></tr>
				<tr><td width="20%">Items List:</td><td><input type="text" name="itemslist" value="{{itemslist}}" /><br><span class="small">Comma-separated list of item ID numbers available for purchase at this town. (Example: <span class="highlight">1,2,3,6,9,10,13,20</span>)</span></td></tr>
			</table>
			<input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" />
		</form>
	HTML;

    admindisplay(parsetemplate($page, $row), "Edit Towns");
}

function monsters()
{
    global $controlrow;

	$max_level = db()->query('SELECT level FROM monsters ORDER BY level DESC LIMIT 1;')->fetchArray(SQLITE3_ASSOC)['level'];
	$monsters = db()->query('SELECT id, name FROM monsters ORDER BY id;');

    $page = "<b><u>Edit Monsters</u></b><br>";

    if (($controlrow['gamesize'] / 5) !== $max_level) {
        $page .= "<span class=\"highlight\">Note:</span> Your highest monster level does not match with your entered map size. Highest monster level should be ".($controlrow["gamesize"] / 5).", yours is $max_level. Please fix this before opening the game to the public.<br>";
    } else {
		$page .= "Monster level and map size match. No further actions are required for map compatibility.<br>";
	}

    $page .= "Click an monster's name to edit it.<br><br><table width=\"50%\">\n";

	$has_monsters = false;
    while ($row = $monsters->fetchArray(SQLITE3_ASSOC)) {
		$has_monsters = true;
        $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">".$row["id"]."</td><td style=\"background-color: #eeeeee;\"><a href=\"admin.php?do=editmonster:".$row["id"]."\">".$row["name"]."</a></td></tr>\n";
    }

    if (!$has_monsters) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No monsters found.</td></tr>\n"; }

    admindisplay($page."</table>", "Edit Monster");
}

function editmonster($id)
{
    if (isset($_POST["submit"])) {
		$n  = trim($_POST['name'] ?? '');
		$mh = (int) trim($_POST['maxhp'] ?? 0);
		$md = (int) trim($_POST['maxdam'] ?? 0);
		$a  = (int) trim($_POST['armor'] ?? 0);
		$l  = (int) trim($_POST['level'] ?? 0);
		$me = (int) trim($_POST['maxexp'] ?? 0);
		$mg = (int) trim($_POST['maxgold'] ?? 0);

		$errors = [];
		if (empty($n)) $errors[] = "Name is required.";
		if ($mh < 1)   $errors[] = "Max HP must be a number greater than or equal to 1.";
		if ($md < 0)   $errors[] = "Max Damage must be a number greater than or equal to 0.";
		if ($a < 0)    $errors[] = "Armor must be a number greater than or equal to 0.";
		if ($l < 1)    $errors[] = "Level must be a number greater than or equal to 1.";
		if ($me < 0)   $errors[] = "Max Exp must be a number greater than or equal to 0.";
		if ($mg < 0)   $errors[] = "Max Gold must be a number greater than or equal to 0.";

        if (count($errors) === 0) {
			db()->query('UPDATE monsters SET name=?, maxhp=?, maxdam=?, armor=?, level=?, maxexp=?, maxgold=?, immune=? WHERE id=?;', [
				$n, $mh, $md, $a, $l, $me, $mg, $_POST['immune'] ?? 0, $id
			]);
            admindisplay("Monster updated.", "Edit monsters");
        } else {
			$errorlist = implode('<br>', $errors);
            admindisplay("<b>Errors:</b><br><div style=\"color:red;\">$errorlist</div><br>Please go back and try again.", "Edit monsters");
        }
    }

	$row = get_monster($id);

	$page = <<<HTML
		<b><u>Edit Monsters</u></b><br><br>
		<form action="admin.php?do=editmonster:$id" method="post">
			<table width="90%">
				<tr><td width="20%">ID:</td><td>{{id}}</td></tr>
				<tr><td width="20%">Name:</td><td><input type="text" name="name" size="30" maxlength="30" value="{{name}}" /></td></tr>
				<tr><td width="20%">Max Hit Points:</td><td><input type="text" name="maxhp" size="5" maxlength="10" value="{{maxhp}}" /></td></tr>
				<tr><td width="20%">Max Damage:</td><td><input type="text" name="maxdam" size="5" maxlength="10" value="{{maxdam}}" /><br><span class="small">Compares to player's attackpower.</span></td></tr>
				<tr><td width="20%">Armor:</td><td><input type="text" name="armor" size="5" maxlength="10" value="{{armor}}" /><br><span class="small">Compares to player's defensepower.</span></td></tr>
				<tr><td width="20%">Monster Level:</td><td><input type="text" name="level" size="5" maxlength="10" value="{{level}}" /><br><span class="small">Determines spawn location and item drops.</span></td></tr>
				<tr><td width="20%">Max Experience:</td><td><input type="text" name="maxexp" size="5" maxlength="10" value="{{maxexp}}" /><br><span class="small">Max experience gained from defeating monster.</span></td></tr>
				<tr><td width="20%">Max Gold:</td><td><input type="text" name="maxgold" size="5" maxlength="10" value="{{maxgold}}" /><br><span class="small">Max gold gained from defeating monster.</span></td></tr>
				<tr><td width="20%">Immunity:</td><td><select name="immune"><option value="0" {{immune0select}}>None</option><option value="1" {{immune1select}}>Hurt Spells</option><option value="2" {{immune2select}}>Hurt & Sleep Spells</option></select><br><span class="small">Some monsters may not be hurt by certain spells.</span></td></tr>
			</table>
			<input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" />
		</form>
	HTML;

    if ($row["immune"] == 1) { $row["immune1select"] = "selected=\"selected\" "; } else { $row["immune1select"] = ""; }
    if ($row["immune"] == 2) { $row["immune2select"] = "selected=\"selected\" "; } else { $row["immune2select"] = ""; }
    if ($row["immune"] == 3) { $row["immune3select"] = "selected=\"selected\" "; } else { $row["immune3select"] = ""; }

    admindisplay(parsetemplate($page, $row), "Edit Monsters");
}

function spells()
{
    $page = "<b><u>Edit Spells</u></b><br>Click an spell's name to edit it.<br><br><table width=\"50%\">\n";

	$spells = db()->query('SELECT id, name FROM spells ORDER BY id;');
	$has_spells = false;

    while ($row = $spells->fetchArray(SQLITE3_ASSOC)) {
		$has_spells = true;
        $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">".$row["id"]."</td><td style=\"background-color: #eeeeee;\"><a href=\"admin.php?do=editspell:".$row["id"]."\">".$row["name"]."</a></td></tr>\n";
    }

    if (!$has_spells) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No spells found.</td></tr>\n"; }

    admindisplay($page."</table>", "Edit Spells");
}

function editspell($id)
{
    if (isset($_POST["submit"])) {
		$n  = trim($_POST['name'] ?? '');
		$mp = (int) trim($_POST['mp'] ?? 0);
		$a  = (int) trim($_POST['attribute'] ?? 0);

        $errors = [];
        if (empty($n)) $errors[] = "Name is required.";
        if ($mp < 0)   $errors[] = "MP must be a number greater than or equal to 0.";
        if ($a < 0)    $errors[] = "Attribute must be a number greater than or equal to 0.";

        if (count($errors) === 0) {
			db()->query('UPDATE spells SET name=?, mp=?, attribute=?, type=? WHERE id=?;', [
				$n, $mp, $a, $_POST['type'] ?? 0, $id
			]);
            admindisplay("Spell updated.", "Edit Spells");
        } else {
			$errorlist = implode('<br>', $errors);
            admindisplay("<b>Errors:</b><br><div style=\"color:red;\">$errorlist</div><br>Please go back and try again.", "Edit Spells");
        }
    }

	$row = get_spell($id);

	$page = <<<HTML
		<b><u>Edit Spells</u></b><br><br>
		<form action="admin.php?do=editspell:$id" method="post">
			<table width="90%">
				<tr><td width="20%">ID:</td><td>{{id}}</td></tr>
				<tr><td width="20%">Name:</td><td><input type="text" name="name" size="30" maxlength="30" value="{{name}}" /></td></tr>
				<tr><td width="20%">Magic Points:</td><td><input type="text" name="mp" size="5" maxlength="10" value="{{mp}}" /><br><span class="small">MP required to cast spell.</span></td></tr>
				<tr><td width="20%">Attribute:</td><td><input type="text" name="attribute" size="5" maxlength="10" value="{{attribute}}" /><br><span class="small">Numeric value of the spell's effect. Ties with type, below.</span></td></tr>
				<tr><td width="20%">Type:</td><td><select name="type"><option value="1" {{type1select}}>Heal</option><option value="2" {{type2select}}>Hurt</option><option value="3" {{type3select}}>Sleep</option><option value="4" {{type4select}}>Uber Attack</option><option value="5" {{type5select}}>Uber Defense</option></select><br><span class="small">- Heal gives player back [attribute] hit points.<br>- Hurt deals [attribute] damage to monster.<br>- Sleep keeps monster from attacking ([attribute] is monster's chance out of 15 to stay asleep each turn).<br>- Uber Attack increases total attack damage by [attribute] percent.<br>- Uber Defense increases total defense from attack by [attribute] percent.</span></td></tr>
			</table>
			<input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" />
		</form>
	HTML;

    if ($row["type"] == 1) { $row["type1select"] = "selected=\"selected\" "; } else { $row["type1select"] = ""; }
    if ($row["type"] == 2) { $row["type2select"] = "selected=\"selected\" "; } else { $row["type2select"] = ""; }
    if ($row["type"] == 3) { $row["type3select"] = "selected=\"selected\" "; } else { $row["type3select"] = ""; }
    if ($row["type"] == 4) { $row["type4select"] = "selected=\"selected\" "; } else { $row["type4select"] = ""; }
    if ($row["type"] == 5) { $row["type5select"] = "selected=\"selected\" "; } else { $row["type5select"] = ""; }

    admindisplay(parsetemplate($page, $row), "Edit Spells");
}

function levels()
{
	$max_level = db()->query('SELECT id FROM levels ORDER BY id DESC LIMIT 1;')->fetchArray(SQLITE3_ASSOC)['id'];

    $options = "";
    for ($i = 2; $i < $max_level; $i++) {
        $options .= "<option value=\"$i\">$i</option>\n";
    }

	$page = <<<HTML
		<b><u>Edit Levels</u></b><br>
		Select a level number from the dropdown box to edit it.<br><br>
		<form action="admin.php?do=editlevel" method="post">
			<select name="level">
				$options
			</select>
			<input type="submit" name="go" value="Edit" />
		</form>
	HTML;

    admindisplay($page, "Edit Levels");
}

function editlevel()
{
    if (!isset($_POST["level"])) admindisplay("No level to edit.", "Edit Levels");
    $id = $_POST["level"];

    if (isset($_POST["submit"])) {
		unset($_POST['submit']);
        $errors = [];
        if ($_POST["one_exp"] == "") $errors[] = "Class 1 Experience is required.";
        if ($_POST["one_hp"] == "") $errors[] = "Class 1 HP is required.";
        if ($_POST["one_mp"] == "") $errors[] = "Class 1 MP is required.";
        if ($_POST["one_tp"] == "") $errors[] = "Class 1 TP is required.";
        if ($_POST["one_strength"] == "") $errors[] = "Class 1 Strength is required.";
        if ($_POST["one_dexterity"] == "") $errors[] = "Class 1 Dexterity is required.";
        if ($_POST["one_spells"] == "") $errors[] = "Class 1 Spells is required.";
        if (!is_numeric($_POST["one_exp"])) $errors[] = "Class 1 Experience must be a number.";
        if (!is_numeric($_POST["one_hp"])) $errors[] = "Class 1 HP must be a number.";
        if (!is_numeric($_POST["one_mp"])) $errors[] = "Class 1 MP must be a number.";
        if (!is_numeric($_POST["one_tp"])) $errors[] = "Class 1 TP must be a number.";
        if (!is_numeric($_POST["one_strength"])) $errors[] = "Class 1 Strength must be a number.";
        if (!is_numeric($_POST["one_dexterity"])) $errors[] = "Class 1 Dexterity must be a number.";
        if (!is_numeric($_POST["one_spells"])) $errors[] = "Class 1 Spells must be a number.";

        if ($_POST["two_exp"] == "") $errors[] = "Class 2 Experience is required.";
        if ($_POST["two_hp"] == "") $errors[] = "Class 2 HP is required.";
        if ($_POST["two_mp"] == "") $errors[] = "Class 2 MP is required.";
        if ($_POST["two_tp"] == "") $errors[] = "Class 2 TP is required.";
        if ($_POST["two_strength"] == "") $errors[] = "Class 2 Strength is required.";
        if ($_POST["two_dexterity"] == "") $errors[] = "Class 2 Dexterity is required.";
        if ($_POST["two_spells"] == "") $errors[] = "Class 2 Spells is required.";
        if (!is_numeric($_POST["two_exp"])) $errors[] = "Class 2 Experience must be a number.";
        if (!is_numeric($_POST["two_hp"])) $errors[] = "Class 2 HP must be a number.";
        if (!is_numeric($_POST["two_mp"])) $errors[] = "Class 2 MP must be a number.";
        if (!is_numeric($_POST["two_tp"])) $errors[] = "Class 2 TP must be a number.";
        if (!is_numeric($_POST["two_strength"])) $errors[] = "Class 2 Strength must be a number.";
        if (!is_numeric($_POST["two_dexterity"])) $errors[] = "Class 2 Dexterity must be a number.";
        if (!is_numeric($_POST["two_spells"])) $errors[] = "Class 2 Spells must be a number.";

        if ($_POST["three_exp"] == "") $errors[] = "Class 3 Experience is required.";
        if ($_POST["three_hp"] == "") $errors[] = "Class 3 HP is required.";
        if ($_POST["three_mp"] == "") $errors[] = "Class 3 MP is required.";
        if ($_POST["three_tp"] == "") $errors[] = "Class 3 TP is required.";
        if ($_POST["three_strength"] == "") $errors[] = "Class 3 Strength is required.";
        if ($_POST["three_dexterity"] == "") $errors[] = "Class 3 Dexterity is required.";
        if ($_POST["three_spells"] == "") $errors[] = "Class 3 Spells is required.";
        if (!is_numeric($_POST["three_exp"])) $errors[] = "Class 3 Experience must be a number.";
        if (!is_numeric($_POST["three_hp"])) $errors[] = "Class 3 HP must be a number.";
        if (!is_numeric($_POST["three_mp"])) $errors[] = "Class 3 MP must be a number.";
        if (!is_numeric($_POST["three_tp"])) $errors[] = "Class 3 TP must be a number.";
        if (!is_numeric($_POST["three_strength"])) $errors[] = "Class 3 Strength must be a number.";
        if (!is_numeric($_POST["three_dexterity"])) $errors[] = "Class 3 Dexterity must be a number.";
        if (!is_numeric($_POST["three_spells"])) $errors[] = "Class 3 Spells must be a number.";

        if (count($errors) === 0) {
			$updatequery = <<<SQL
				UPDATE levels SET
				"1_exp" = ?, "1_hp" = ?, "1_mp" = ?, "1_tp" = ?, "1_strength" = ?, "1_dexterity" = ?, "1_spells" = ?,
				"2_exp" = ?, "2_hp" = ?, "2_mp" = ?, "2_tp" = ?, "2_strength" = ?, "2_dexterity" = ?, "2_spells" = ?,
				"3_exp" = ?, "3_hp" = ?, "3_mp" = ?, "3_tp" = ?, "3_strength" = ?, "3_dexterity" = ?, "3_spells" = ?
				WHERE id = ?
			SQL;

			extract($_POST);
			db()->query($updatequery, [
				$one_exp, $one_hp, $one_mp, $one_tp, $one_strength, $one_dexterity, $one_spells,
				$two_exp, $two_hp, $two_mp, $two_tp, $two_strength, $two_dexterity, $two_spells,
				$three_exp, $three_hp, $three_mp, $three_tp, $three_strength, $three_dexterity, $three_spells,
				$id
			]);
            admindisplay("Level updated.", "Edit Levels");
        } else {
			$errorlist = implode('<br>', $errors);
            admindisplay("<b>Errors:</b><br><div style=\"color:red;\">$errorlist</div><br>Please go back and try again.", "Edit Spells");
        }
    }


	$row = db()->query('SELECT * FROM levels WHERE id=? LIMIT 1;', [$id])->fetchArray(SQLITE3_ASSOC);

    global $controlrow;

    $class1name = $controlrow["class1name"];
    $class2name = $controlrow["class2name"];
    $class3name = $controlrow["class3name"];

	$page = <<<HTML
		<b><u>Edit Levels</u></b><br><br>
		Experience values for each level should be the cumulative total amount of experience up to this point. All other values should be only the new amount to add this level.<br><br>
		<form action="admin.php?do=editlevel" method="post">
			<input type="hidden" name="level" value="$id" />
			<table width="90%">
				<tr><td width="20%">ID:</td><td>{{id}}</td></tr>

				<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>

				<tr><td width="20%">$class1name Experience:</td><td><input type="text" name="one_exp" size="10" maxlength="8" value="{{1_exp}}" /></td></tr>
				<tr><td width="20%">$class1name HP:</td><td><input type="text" name="one_hp" size="5" maxlength="5" value="{{1_hp}}" /></td></tr>
				<tr><td width="20%">$class1name MP:</td><td><input type="text" name="one_mp" size="5" maxlength="5" value="{{1_mp}}" /></td></tr>
				<tr><td width="20%">$class1name TP:</td><td><input type="text" name="one_tp" size="5" maxlength="5" value="{{1_tp}}" /></td></tr>
				<tr><td width="20%">$class1name Strength:</td><td><input type="text" name="one_strength" size="5" maxlength="5" value="{{1_strength}}" /></td></tr>
				<tr><td width="20%">$class1name Dexterity:</td><td><input type="text" name="one_dexterity" size="5" maxlength="5" value="{{1_dexterity}}" /></td></tr>
				<tr><td width="20%">$class1name Spells:</td><td><input type="text" name="one_spells" size="5" maxlength="3" value="{{1_spells}}" /></td></tr>

				<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>

				<tr><td width="20%">$class2name Experience:</td><td><input type="text" name="two_exp" size="10" maxlength="8" value="{{2_exp}}" /></td></tr>
				<tr><td width="20%">$class2name HP:</td><td><input type="text" name="two_hp" size="5" maxlength="5" value="{{2_hp}}" /></td></tr>
				<tr><td width="20%">$class2name MP:</td><td><input type="text" name="two_mp" size="5" maxlength="5" value="{{2_mp}}" /></td></tr>
				<tr><td width="20%">$class2name TP:</td><td><input type="text" name="two_tp" size="5" maxlength="5" value="{{2_tp}}" /></td></tr>
				<tr><td width="20%">$class2name Strength:</td><td><input type="text" name="two_strength" size="5" maxlength="5" value="{{2_strength}}" /></td></tr>
				<tr><td width="20%">$class2name Dexterity:</td><td><input type="text" name="two_dexterity" size="5" maxlength="5" value="{{2_dexterity}}" /></td></tr>
				<tr><td width="20%">$class2name Spells:</td><td><input type="text" name="two_spells" size="5" maxlength="3" value="{{2_spells}}" /></td></tr>

				<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>

				<tr><td width="20%">$class3name Experience:</td><td><input type="text" name="three_exp" size="10" maxlength="8" value="{{3_exp}}" /></td></tr>
				<tr><td width="20%">$class3name HP:</td><td><input type="text" name="three_hp" size="5" maxlength="5" value="{{3_hp}}" /></td></tr>
				<tr><td width="20%">$class3name MP:</td><td><input type="text" name="three_mp" size="5" maxlength="5" value="{{3_mp}}" /></td></tr>
				<tr><td width="20%">$class3name TP:</td><td><input type="text" name="three_tp" size="5" maxlength="5" value="{{3_tp}}" /></td></tr>
				<tr><td width="20%">$class3name Strength:</td><td><input type="text" name="three_strength" size="5" maxlength="5" value="{{3_strength}}" /></td></tr>
				<tr><td width="20%">$class3name Dexterity:</td><td><input type="text" name="three_dexterity" size="5" maxlength="5" value="{{3_dexterity}}" /></td></tr>
				<tr><td width="20%">$class3name Spells:</td><td><input type="text" name="three_spells" size="5" maxlength="3" value="{{3_spells}}" /></td></tr>
			</table>
			<input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" />
		</form>
	HTML;

    admindisplay(parsetemplate($page, $row), "Edit Levels");
}

function users()
{
    $page = "<b><u>Edit Users</u></b><br>Click a username to edit the account.<br><br><table width=\"50%\">\n";

	$users = db()->query('SELECT id, username FROM users ORDER BY id;');
	$has_users = false;

    while ($row = $users->fetchArray(SQLITE3_ASSOC)) {
		$has_users = true;
        $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">".$row["id"]."</td><td style=\"background-color: #eeeeee;\"><a href=\"admin.php?do=edituser:".$row["id"]."\">".$row["username"]."</a></td></tr>\n";
    }

    if (!$has_users) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No spells found.</td></tr>\n"; }

    admindisplay($page."</table>", "Edit Users");
}

function edituser($id)
{
    if (isset($_POST["submit"])) {
        extract($_POST);

        $errors = [];
        if ($email == "") $errors[] = "Email is required.";
        if ($verify == "") $errors[] = "Verify is required.";
        if ($authlevel == "") $errors[] = "Auth Level is required.";
        if ($latitude == "") $errors[] = "Latitude is required.";
        if ($longitude == "") $errors[] = "Longitude is required.";
        if ($charclass == "") $errors[] = "Character Class is required.";
        if ($currentaction == "") $errors[] = "Current Action is required.";
        if ($currentfight == "") $errors[] = "Current Fight is required.";

        if ($currentmonster == "") $errors[] = "Current Monster is required.";
        if ($currentmonsterhp == "") $errors[] = "Current Monster HP is required.";
        if ($currentmonstersleep == "") $errors[] = "Current Monster Sleep is required.";
        if ($currentmonsterimmune == "") $errors[] = "Current Monster Immune is required.";
        if ($currentuberdamage == "") $errors[] = "Current Uber Damage is required.";
        if ($currentuberdefense == "") $errors[] = "Current Uber Defense is required.";
        if ($currenthp == "") $errors[] = "Current HP is required.";
        if ($currentmp == "") $errors[] = "Current MP is required.";
        if ($currenttp == "") $errors[] = "Current TP is required.";
        if ($maxhp == "") $errors[] = "Max HP is required.";

        if ($maxmp == "") $errors[] = "Max MP is required.";
        if ($maxtp == "") $errors[] = "Max TP is required.";
        if ($level == "") $errors[] = "Level is required.";
        if ($gold == "") $errors[] = "Gold is required.";
        if ($experience == "") $errors[] = "Experience is required.";
        if ($goldbonus == "") $errors[] = "Gold Bonus is required.";
        if ($expbonus == "") $errors[] = "Experience Bonus is required.";
        if ($strength == "") $errors[] = "Strength is required.";
        if ($dexterity == "") $errors[] = "Dexterity is required.";
        if ($attackpower == "") $errors[] = "Attack Power is required.";

        if ($defensepower == "") $errors[] = "Defense Power is required.";
        if ($weaponid == "") $errors[] = "Weapon ID is required.";
        if ($armorid == "") $errors[] = "Armor ID is required.";
        if ($shieldid == "") $errors[] = "Shield ID is required.";
        if ($slot1id == "") $errors[] = "Slot 1 ID is required.";
        if ($slot2id == "") $errors[] = "Slot 2 ID is required.";
        if ($slot3id == "") $errors[] = "Slot 3 ID is required.";
        if ($weaponname == "") $errors[] = "Weapon Name is required.";
        if ($armorname == "") $errors[] = "Armor Name is required.";
        if ($shieldname == "") $errors[] = "Shield Name is required.";

        if ($slot1name == "") $errors[] = "Slot 1 Name is required.";
        if ($slot2name == "") $errors[] = "Slot 2 Name is required.";
        if ($slot3name == "") $errors[] = "Slot 3 Name is required.";
        if ($dropcode == "") $errors[] = "Drop Code is required.";
        if ($spells == "") $errors[] = "Spells is required.";
        if ($towns == "") $errors[] = "Towns is required.";

        if (!is_numeric($authlevel)) $errors[] = "Auth Level must be a number.";
        if (!is_numeric($latitude)) $errors[] = "Latitude must be a number.";
        if (!is_numeric($longitude)) $errors[] = "Longitude must be a number.";
        if (!is_numeric($charclass)) $errors[] = "Character Class must be a number.";
        if (!is_numeric($currentfight)) $errors[] = "Current Fight must be a number.";
        if (!is_numeric($currentmonster)) $errors[] = "Current Monster must be a number.";
        if (!is_numeric($currentmonsterhp)) $errors[] = "Current Monster HP must be a number.";
        if (!is_numeric($currentmonstersleep)) $errors[] = "Current Monster Sleep must be a number.";

        if (!is_numeric($currentmonsterimmune)) $errors[] = "Current Monster Immune must be a number.";
        if (!is_numeric($currentuberdamage)) $errors[] = "Current Uber Damage must be a number.";
        if (!is_numeric($currentuberdefense)) $errors[] = "Current Uber Defense must be a number.";
        if (!is_numeric($currenthp)) $errors[] = "Current HP must be a number.";
        if (!is_numeric($currentmp)) $errors[] = "Current MP must be a number.";
        if (!is_numeric($currenttp)) $errors[] = "Current TP must be a number.";
        if (!is_numeric($maxhp)) $errors[] = "Max HP must be a number.";
        if (!is_numeric($maxmp)) $errors[] = "Max MP must be a number.";
        if (!is_numeric($maxtp)) $errors[] = "Max TP must be a number.";
        if (!is_numeric($level)) $errors[] = "Level must be a number.";

        if (!is_numeric($gold)) $errors[] = "Gold must be a number.";
        if (!is_numeric($experience)) $errors[] = "Experience must be a number.";
        if (!is_numeric($goldbonus)) $errors[] = "Gold Bonus must be a number.";
        if (!is_numeric($expbonus)) $errors[] = "Experience Bonus must be a number.";
        if (!is_numeric($strength)) $errors[] = "Strength must be a number.";
        if (!is_numeric($dexterity)) $errors[] = "Dexterity must be a number.";
        if (!is_numeric($attackpower)) $errors[] = "Attack Power must be a number.";
        if (!is_numeric($defensepower)) $errors[] = "Defense Power must be a number.";
        if (!is_numeric($weaponid)) $errors[] = "Weapon ID must be a number.";
        if (!is_numeric($armorid)) $errors[] = "Armor ID must be a number.";

        if (!is_numeric($shieldid)) $errors[] = "Shield ID must be a number.";
        if (!is_numeric($slot1id)) $errors[] = "Slot 1 ID  must be a number.";
        if (!is_numeric($slot2id)) $errors[] = "Slot 2 ID must be a number.";
        if (!is_numeric($slot3id)) $errors[] = "Slot 3 ID must be a number.";
        if (!is_numeric($dropcode)) $errors[] = "Drop Code must be a number.";

        if (count($errors) === 0) {
			$updatequery = <<<SQL
				UPDATE users SET
				email = ?, verify = ?, authlevel = ?, latitude = ?, longitude = ?, charclass = ?, currentaction = ?,
				currentfight = ?, currentmonster = ?, currentmonsterhp = ?, currentmonstersleep = ?, currentmonsterimmune = ?,
				currentuberdamage = ?, currentuberdefense = ?, currenthp = ?, currentmp = ?, currenttp = ?, maxhp = ?,
				maxmp = ?, maxtp = ?, level = ?, gold = ?, experience = ?, goldbonus = ?, expbonus = ?, strength = ?,
				dexterity = ?, attackpower = ?, defensepower = ?, weaponid = ?, armorid = ?, shieldid = ?, slot1id = ?,
				slot2id = ?, slot3id = ?, weaponname = ?, armorname = ?, shieldname = ?, slot1name = ?, slot2name = ?,
				slot3name = ?, dropcode = ?, spells = ?, towns = ?
				WHERE id = ?
			SQL;

			db()->query($updatequery, [
				$email, $verify, $authlevel, $latitude, $longitude, $charclass, $currentaction,
				$currentfight, $currentmonster, $currentmonsterhp, $currentmonstersleep, $currentmonsterimmune,
				$currentuberdamage, $currentuberdefense, $currenthp, $currentmp, $currenttp, $maxhp,
				$maxmp, $maxtp, $level, $gold, $experience, $goldbonus, $expbonus, $strength,
				$dexterity, $attackpower, $defensepower, $weaponid, $armorid, $shieldid, $slot1id,
				$slot2id, $slot3id, $weaponname, $armorname, $shieldname, $slot1name, $slot2name,
				$slot3name, $dropcode, $spells, $towns, $id
			]);

            admindisplay("User updated.", "Edit Users");
        } else {
			$errorlist = implode('<br>', $errors);
            admindisplay("<b>Errors:</b><br><div style=\"color:red;\">$errorlist</div><br>Please go back and try again.", "Edit Users");
        }
    }

	$row = db()->query('SELECT * FROM users WHERE id = ? LIMIT 1;', [$id])->fetchArray(SQLITE3_ASSOC);

    global $controlrow;
    $class1name = $controlrow["class1name"];
    $class2name = $controlrow["class2name"];
    $class3name = $controlrow["class3name"];

	$page = <<<HTML
		<b><u>Edit Users</u></b><br><br>
		<form action="admin.php?do=edituser:$id" method="post">
			<table width="90%">
				<tr><td width="20%">ID:</td><td>{{id}}</td></tr>
				<tr><td width="20%">Username:</td><td>{{username}}</td></tr>
				<tr><td width="20%">Email:</td><td><input type="text" name="email" value="{{email}}" /></td></tr>
				<tr><td width="20%">Verify:</td><td><input type="text" name="verify" value="{{verify}}" /></td></tr>
				<tr><td width="20%">Register Date:</td><td>{{regdate}}</td></tr>
				<tr><td width="20%">Last Online:</td><td>{{onlinetime}}</td></tr>
				<tr><td width="20%">Auth Level:</td><td><select name="authlevel"><option value="0" {{auth0select}}>User</option><option value="1" {{auth1select}}>Admin</option><option value="2" {{auth2select}}>Blocked</option></select><br><span class="small">Set to "Blocked" to temporarily (or permanently) ban a user.</span></td></tr>

				<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>

				<tr><td width="20%">Latitude:</td><td><input type="text" name="latitude" value="{{latitude}}" /></td></tr>
				<tr><td width="20%">Longitude:</td><td><input type="text" name="longitude" value="{{longitude}}" /></td></tr>
				<tr><td width="20%">Character Class:</td><td><select name="charclass"><option value="1" {{class1select}}>$class1name</option><option value="2" {{class2select}}>$class2name</option><option value="3" {{class3select}}>$class3name</option></select></td></tr>

				<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>

				<tr><td width="20%">Current Action:</td><td><input type="text" name="currentaction" value="{{currentaction}}" /></td></tr>
				<tr><td width="20%">Current Fight:</td><td><input type="text" name="currentfight" value="{{currentfight}}" /></td></tr>
				<tr><td width="20%">Current Monster:</td><td><input type="text" name="currentmonster" value="{{currentmonster}}" /></td></tr>
				<tr><td width="20%">Current Monster HP:</td><td><input type="text" name="currentmonsterhp" value="{{currentmonsterhp}}" /></td></tr>
				<tr><td width="20%">Current Monster Sleep:</td><td><input type="text" name="currentmonsterimmune" value="{{currentmonsterimmune}}" /></td></tr>
				<tr><td width="20%">Current Monster Immune:</td><td><input type="text" name="currentmonstersleep" value="{{currentmonstersleep}}" /></td></tr>
				<tr><td width="20%">Current Uber Damage:</td><td><input type="text" name="currentuberdamage" value="{{currentuberdamage}}" /></td></tr>
				<tr><td width="20%">Current Uber Defense:</td><td><input type="text" name="currentuberdefense" value="{{currentuberdefense}}" /></td></tr>

				<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>

				<tr><td width="20%">Current HP:</td><td><input type="text" name="currenthp" value="{{currenthp}}" /></td></tr>
				<tr><td width="20%">Current MP:</td><td><input type="text" name="currentmp" value="{{currentmp}}" /></td></tr>
				<tr><td width="20%">Current TP:</td><td><input type="text" name="currenttp" value="{{currenttp}}" /></td></tr>
				<tr><td width="20%">Max HP:</td><td><input type="text" name="maxhp" value="{{maxhp}}" /></td></tr>
				<tr><td width="20%">Max MP:</td><td><input type="text" name="maxmp" value="{{maxmp}}" /></td></tr>
				<tr><td width="20%">Max TP:</td><td><input type="text" name="maxtp" value="{{maxtp}}" /></td></tr>

				<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>

				<tr><td width="20%">Level:</td><td><input type="text" name="level" value="{{level}}" /></td></tr>
				<tr><td width="20%">Gold:</td><td><input type="text" name="gold" value="{{gold}}" /></td></tr>
				<tr><td width="20%">Experience:</td><td><input type="text" name="experience" value="{{experience}}" /></td></tr>
				<tr><td width="20%">Gold Bonus:</td><td><input type="text" name="goldbonus" value="{{goldbonus}}" /></td></tr>
				<tr><td width="20%">Experience Bonus:</td><td><input type="text" name="expbonus" value="{{expbonus}}" /></td></tr>
				<tr><td width="20%">Strength:</td><td><input type="text" name="strength" value="{{strength}}" /></td></tr>
				<tr><td width="20%">Dexterity:</td><td><input type="text" name="dexterity" value="{{dexterity}}" /></td></tr>
				<tr><td width="20%">Attack Power:</td><td><input type="text" name="attackpower" value="{{attackpower}}" /></td></tr>
				<tr><td width="20%">Defense Power:</td><td><input type="text" name="defensepower" value="{{defensepower}}" /></td></tr>

				<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>

				<tr><td width="20%">Weapon ID:</td><td><input type="text" name="weaponid" value="{{weaponid}}" /></td></tr>
				<tr><td width="20%">Armor ID:</td><td><input type="text" name="armorid" value="{{armorid}}" /></td></tr>
				<tr><td width="20%">Shield ID:</td><td><input type="text" name="shieldid" value="{{shieldid}}" /></td></tr>
				<tr><td width="20%">Slot 1 ID:</td><td><input type="text" name="slot1id" value="{{slot1id}}" /></td></tr>
				<tr><td width="20%">Slot 2 ID:</td><td><input type="text" name="slot2id" value="{{slot2id}}" /></td></tr>
				<tr><td width="20%">Slot 3 ID:</td><td><input type="text" name="slot3id" value="{{slot3id}}" /></td></tr>
				<tr><td width="20%">Weapon Name:</td><td><input type="text" name="weaponname" value="{{weaponname}}" /></td></tr>
				<tr><td width="20%">Armor Name:</td><td><input type="text" name="armorname" value="{{armorname}}" /></td></tr>
				<tr><td width="20%">Shield Name:</td><td><input type="text" name="shieldname" value="{{shieldname}}" /></td></tr>
				<tr><td width="20%">Slot 1 Name:</td><td><input type="text" name="slot1name" value="{{slot1name}}" /></td></tr>
				<tr><td width="20%">Slot 2 Name:</td><td><input type="text" name="slot2name" value="{{slot2name}}" /></td></tr>
				<tr><td width="20%">Slot 3 Name:</td><td><input type="text" name="slot3name" value="{{slot3name}}" /></td></tr>

				<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>

				<tr><td width="20%">Drop Code:</td><td><input type="text" name="dropcode" value="{{dropcode}}" /></td></tr>
				<tr><td width="20%">Spells:</td><td><input type="text" name="spells" value="{{spells}}" /></td></tr>
				<tr><td width="20%">Towns:</td><td><input type="text" name="towns" value="{{towns}}" /></td></tr>
			</table>
			<input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" />
		</form>
	HTML;

    if ($row["authlevel"] == 0) { $row["auth0select"] = "selected=\"selected\" "; } else { $row["auth0select"] = ""; }
    if ($row["authlevel"] == 1) { $row["auth1select"] = "selected=\"selected\" "; } else { $row["auth1select"] = ""; }
    if ($row["authlevel"] == 2) { $row["auth2select"] = "selected=\"selected\" "; } else { $row["auth2select"] = ""; }
    if ($row["charclass"] == 1) { $row["class1select"] = "selected=\"selected\" "; } else { $row["class1select"] = ""; }
    if ($row["charclass"] == 2) { $row["class2select"] = "selected=\"selected\" "; } else { $row["class2select"] = ""; }
    if ($row["charclass"] == 3) { $row["class3select"] = "selected=\"selected\" "; } else { $row["class3select"] = ""; }

    admindisplay(parsetemplate($page, $row), "Edit Users");
}

function addnews()
{
	global $userrow;

    if (isset($_POST["submit"])) {
		$c = trim($_POST['content'] ?? '');

		$errors = [];
        if (empty($c)) $errors[] = "Content is required.";

        if (count($errors) === 0) {
			db()->query('INSERT INTO news (author, content) VALUES (?, ?);', [$userrow['username'], $c]);
            admindisplay("News post added.", "Add News");
        } else {
			$errorlist = implode('<br>', $errors);
            admindisplay("<b>Errors:</b><br><div style=\"color:red;\">$errorlist</div><br>Please go back and try again.", "Add News");
        }
    }

	$page = <<<HTML
		<b><u>Add A News Post</u></b><br><br>
		<form action="admin.php?do=news" method="post">
			Type your post below and then click Submit to add it.<br>
			<textarea name="content" rows="5" cols="50"></textarea><br>
			<input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" />
		</form>
	HTML;

    admindisplay($page, "Add News");
}