query("SELECT `uuid`,`cldbid`,`name` FROM `$dbname`.`user` $filter ORDER BY `name` ASC")) === false) { $err_msg = "DB Error: ".print_r($mysqlcon->errorInfo(), true); $err_lvl = 3; } $user_arr = $dbuserdata->fetchAll(PDO::FETCH_ASSOC); if (isset($_POST['update']) && $_SESSION[$rspathhex.'username'] == $webuser && $_SESSION[$rspathhex.'password'] == $webpass && $_SESSION[$rspathhex.'clientip'] == getclientip() && $_POST['csrf_token'] == $_SESSION[$rspathhex.'csrf_token']) { $setontime = 0; if($_POST['setontime_day']) { $setontime = $setontime + $_POST['setontime_day'] * 86400; } if($_POST['setontime_hour']) { $setontime = $setontime + $_POST['setontime_hour'] * 3600; } if($_POST['setontime_min']) { $setontime = $setontime + $_POST['setontime_min'] * 60; } if($_POST['setontime_sec']) { $setontime = $setontime + $_POST['setontime_sec']; } if($setontime == 0) { $err_msg = $lang['errseltime']; $err_lvl = 3; } elseif($_POST['user'] == NULL) { $err_msg = $lang['errselusr']; $err_lvl = 3; } else { $allinsertdata = ''; $succmsg = ''; $nowtime = time(); foreach($_POST['user'] as $uuid) { $setontime = $setontime * -1; $allinsertdata .= "('".$uuid."', ".$nowtime.", ".$setontime."),"; $succmsg .= sprintf($lang['sccupcount'],$setontime,$uuid)."
"; } $allinsertdata = substr($allinsertdata, 0, -1); if($mysqlcon->exec("INSERT INTO `$dbname`.`admin_addtime` (`uuid`,`timestamp`,`timecount`) VALUES $allinsertdata;") === false) { $err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true); $err_lvl = 3; } else { $err_msg = substr($succmsg,0,-4); $err_lvl = NULL; } } } $_SESSION[$rspathhex.'csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32)); ?>