Beispiel #1
0
function action_webvalidate()
{
    global $bbdbname, $dbname, $link;
    if (array_key_exists("url", $_REQUEST)) {
        $URL = $_REQUEST['url'];
    } else {
        die('ERROR, you must pass in a URL value');
    }
    if (array_key_exists("username", $_REQUEST)) {
        $username = utf8_clean_string($_REQUEST['username']);
    } else {
        die('ERROR, you must pass in a USERNAME value');
    }
    if (array_key_exists("password", $_REQUEST)) {
        $password = $_REQUEST['password'];
    } else {
        die('ERROR, you must pass in a PASSWORD value');
    }
    if (!mysql_select_db($bbdbname)) {
        die('Could not open db:' . $bbdbname . ' ' . mysql_error());
    }
    $result = mysql_query("SELECT user_id, user_password FROM bzbb3_users " . "WHERE username_clean='{$username}' " . "AND user_inactive_reason=0", $link) or die("Invalid query: " . mysql_error());
    $row = mysql_fetch_row($result);
    $playerid = $row[0];
    if (!$playerid || !phpbb_check_hash($password, $row[1])) {
        dumpPageHeader();
        print '
			<tr>
				<td valign="top">
					<b>The username or password you entered was invalid.</b>
				</td>
			</tr>
		';
        dumpPageFooter();
    } else {
        srand(microtime() * 100000000);
        $token = rand(0, 2147483647);
        $result = mysql_query("UPDATE bzbb3_users SET " . "user_token='{$token}', " . "user_tokendate='" . time() . "', " . "user_tokenip='" . $_SERVER['REMOTE_ADDR'] . "' " . "WHERE user_id='{$playerid}'", $link) or die("Invalid query: " . mysql_error());
        //	$redirURL = $URL . '?username='******'&token=' . $token;
        // let them specify the paramaters, we'll just replace them with real info
        $redirURL = str_replace(array('%TOKEN%', '%USERNAME%'), array($token, urlencode($username)), $URL);
        header('location: ' . $redirURL);
    }
    if (!mysql_select_db($dbname)) {
        die('Could not open db: ' . mysql_error());
    }
}
Beispiel #2
0
function dumpMainPage()
{
    global $link, $dbname, $bbdbname;
    dumpPageHeader();
    if (!$_SESSION['bzid']) {
        // We're not logged in... print login form
        ?>
This page is the admin interface for the BZFlag list server located at my.bzflag.org. If you are a list server administrator, please log in. Otherwise, please disconnect now.<br><br>

<form method="POST" action="<?php 
        echo $_SERVER['PHP_SELF'];
        ?>
">
	<input type="hidden" name="action" value="LOGIN">
	<table>
		<tr><td>Username:</td><td><input type="text" name="username" size="20"></td></tr>
		<tr><td>Password:</td><td><input type="password" name="password" size="20"></td></tr>
	</table>
	<input type="submit" value="Log In">
</form>

<?php 
        dumpPageFooter();
        return;
    }
    // user is logged in... print main admin page, starting with welcome
    mysql_select_db($bbdbname) or die("Could not select user database.");
    $sql = 'SELECT username FROM bzbb3_users WHERE user_id = ' . $_SESSION['bzid'];
    $result = mysql_query($sql);
    if (!$result) {
        echo 'Sorry, unknown error: <div style="display: inline; color: grey">' . mysql_error() . '</div>';
        dumpPageFooter();
        return;
    } else {
        if (mysql_num_rows($result) > 0) {
            echo '<i>Wassup, ' . mysql_result($result, 0, "username") . '?</i>&nbsp;' . '<a href="' . $_SERVER['PHP_SELF'] . '?action=LOGOUT">(Log Out)</a><br><br>' . "\n\n";
        }
    }
    // current bans list
    mysql_select_db($dbname) or die("Could not select bzfls database.");
    $sql = 'SELECT * FROM serverbans WHERE 1';
    $result = mysql_query($sql);
    if (!$result) {
        echo 'Sorry, unknown error: <div style="display: inline; color: grey">' . mysql_error() . '</div>';
        dumpPageFooter();
        return;
    }
    echo "<b>Bans</b><br>\n";
    if (mysql_num_rows($result) > 0) {
        ?>
<table cellpadding="5px" class="listform" border=1>
	<tr class="dark">
		<td>Active</td>
		<td>Type</td>
		<td>IP/Hostname</td>
		<td>Owner</td>
		<td>Reason</td>
		<td>By</td>
		<td colspan="3">&nbsp;</td>
	</tr>
<?php 
        // compile array of current bans
        $bans = array();
        while ($result_array = mysql_fetch_array($result)) {
            array_push($bans, array('id' => $result_array['banid'], 'active' => $result_array['active'], 'type' => $result_array['type'], 'value' => $result_array['value'], 'owner' => $result_array['owner'], 'reason' => $result_array['reason'], 'lastby' => $result_array['lastby']));
        }
        // convert each 'lastby' bzid to a username
        mysql_select_db($bbdbname) or die("Could not select user database.");
        for ($i = 0; $i < count($bans); ++$i) {
            $sql = 'SELECT username FROM bzbb3_users WHERE user_id = ' . $bans[$i]['lastby'];
            $result = mysql_query($sql);
            if ($result && mysql_num_rows($result) > 0) {
                $bans[$i]['lastby'] = mysql_result($result, 0, "username");
            }
        }
        // output the row
        foreach ($bans as $ban) {
            echo '<tr' . ($ban['active'] ? ' class="highlight"' : '') . '>' . '<td>' . ($ban['active'] ? 'Yes' : 'No') . '</td>';
            if ($ban['type'] == 'ipaddress') {
                echo '<td>IP Address</td>';
            } else {
                if ($ban['type'] == 'hostname') {
                    echo '<td>Hostname</td>';
                } else {
                    echo '<td>Unknown</td>';
                }
            }
            echo '<td>' . $ban['value'] . '</td>' . '<td>' . $ban['owner'] . '</td>' . '<td>' . $ban['reason'] . '</td>' . '<td>' . $ban['lastby'] . '</td>' . '<td align="center">' . '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '">' . '<input type="hidden" name="action" value="' . ($ban['active'] ? "DEACTIVATE" : "ACTIVATE") . '">' . '<input type="hidden" name="id" value="' . $ban['id'] . '">' . '<input type="submit" value="' . ($ban['active'] ? "Deactivate" : "Activate") . '">' . '</form></td>' . '<td align="center"><form method="POST" action="' . $_SERVER['PHP_SELF'] . '">' . '<input type="hidden" name="action" value="EDIT">' . '<input type="hidden" name="id" value="' . $ban['id'] . '">' . '<input type="submit" value="Edit"></form></td>' . '<td align="center"><form method="POST" action="' . $_SERVER['PHP_SELF'] . '">' . '<input type="hidden" name="action" value="DELETE">' . '<input type="hidden" name="id" value="' . $ban['id'] . '">' . '<input type="submit" value="Delete"></form></td>' . "</tr>\n";
        }
        ?>
</table>
<br>
<?php 
    } else {
        echo "<i>There are no bans on file at this time.</i><br><br>\n\n";
    }
    ?>
<form method="POST" action="<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
">
	<input type="hidden" name="action" value="NEW">
	<input type="submit" value="New Ban">
</form>
<?php 
    dumpPageFooter();
}