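/**
 * Handles the "remove user" form post.
 *
 * Reads $_POST["user_remove"] (the account to remove) and
 * $_POST["user_remove_confirm"] (present once the removal has been confirmed).
 * The account is only deleted when the confirmation field is present; without
 * it the result just carries the user name back with success set to true.
 *
 * @return UserRemoveResult success/error_message, user_name and removal_confirmed.
 */
function ProcessUserRemove()
{
    global $database;
    global $current_user;
    global $can_delete_users;

    $result = new UserRemoveResult();

    // NOTE(review): this function checks the caller's permission flag but does not
    // validate an anti-CSRF token; confirm the page that dispatches here does so
    // before a destructive request is accepted.

    // only allow users with the required privileges to delete users
    if (!$can_delete_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to delete users.";
        return $result;
    }

    // verify the username has been set; a non-string value (e.g. user_remove[]=x)
    // is treated as missing so it never reaches the query or the output below
    if (empty($_POST["user_remove"]) || !is_string($_POST["user_remove"])) {
        $result->success = false;
        $result->error_message = "No username to remove provided.";
        return $result;
    }
    $result->user_name = $_POST["user_remove"];

    // prevent the currently signed in user from being removed
    // NOTE(review): this is an exact, case-sensitive comparison. If the username
    // column uses a case-insensitive collation, a differently-cased spelling of the
    // current user's name would pass this check - confirm against the schema.
    if ($result->user_name === $current_user) {
        $result->success = false;
        $result->error_message = "You cannot remove the currently logged in user.";
        return $result;
    }

    // if the user removal has been confirmed, remove the user from the database
    $result->removal_confirmed = isset($_POST["user_remove_confirm"]);
    if ($result->removal_confirmed) {
        // check that the user account exists in the database
        $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
        $user_read->ExecuteQuery(array($result->user_name));
        if (!$user_read->MoveNext()) {
            $result->success = false;
            $result->error_message = "Matching username not found in the database.";
            return $result;
        }

        // delete the user account from the database (bound parameter, never interpolated)
        $sql = "DELETE FROM map_server_users WHERE username = ?";
        $remove_user_query = $database->prepare($sql);
        if (!$remove_user_query || !$remove_user_query->execute(array($result->user_name))) {
            // report the failure through the result like every other failure path,
            // instead of printing a message and still returning success
            $result->success = false;
            $result->error_message = "Failed to remove the user from the database.";
            return $result;
        }

        // the user name is request data that ends up in an HTML page, so it is escaped
        $safe_user_name = htmlspecialchars($result->user_name, ENT_QUOTES, 'UTF-8');
        print_line_inset("User " . $safe_user_name . " removed.<br/>", 2);
    }

    $result->success = true;
    return $result;
}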
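/**
 * Lists the map files found directly inside a folder.
 *
 * Entries ending in .map or .yelo are listed under their own file name.
 * Entries ending in .xml are passed to LoadDefinition() and listed under the
 * file name part of the definition's name; definitions that fail to load are
 * skipped. Everything else, including files without an extension, is ignored.
 *
 * @param string $folder Directory to scan. The script is terminated when it is empty.
 *
 * @return array|null List of MapFileDetails, or null when the directory cannot be opened.
 */
function GetMapsInFolder($folder)
{
    if ($folder == NULL) {
        die("ERROR: Path passed to GetFolderMapList is empty.<br/>");
    }

    // open the maps folder and iterate through its contents
    $handle = opendir($folder);
    if (!$handle) {
        print_line_inset("Failed to open the maps directory.<br/>", 2);
        return null;
    }

    $map_list = array();
    while (false !== ($entry = readdir($handle))) {
        if ($entry === "." || $entry === "..") {
            continue;
        }

        // pathinfo() leaves out the "extension" key for names without a dot,
        // so read it defensively instead of indexing it directly
        $file_info = pathinfo($entry);
        $extension = isset($file_info["extension"]) ? $file_info["extension"] : "";
        $file_location = $folder . "/" . $entry;

        if ($extension === "map" || $extension === "yelo") {
            $map_list[] = new MapFileDetails($file_info["filename"], $file_location, true);
        } elseif ($extension === "xml") {
            $map_definition = LoadDefinition($file_location);
            if ($map_definition != null) {
                // only the file name part of the definition's name is kept;
                // pathinfo() drops any directory component it may carry
                $map_info = pathinfo($map_definition->name);
                $map_list[] = new MapFileDetails($map_info["filename"], $file_location, true);
            }
        }
    }
    closedir($handle);

    return $map_list;
}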
<?php
/*
    Yelo: Open Sauce SDK
        Halo 1 (CE) Edition

    See license\OpenSauce\Halo1_CE for specific license information
*/

include_once "admin/map_database/map_entry_remove_func.php";

// Page fragment that removes one map entry, identified by the posted
// 'map_entry_remove' value, for accounts that may delete map entries.
// NOTE(review): the posted id goes to RemoveMapEntry() unchanged and no anti-CSRF
// token is checked in this fragment - confirm both are handled in
// RemoveMapEntry() / the including page.
if (!$can_delete_map_entries) {
    print_line_inset("Your user account does not have sufficient privileges to remove map entries.</br>", 2);
} else {
    // empty() is also true for a missing key, so it covers the isset() case as well
    $file_id_set = !empty($_POST['map_entry_remove']);
    if ($file_id_set) {
        $map_entry_remove_result = RemoveMapEntry(
            $database,
            $_POST['map_entry_remove'],
            $config->map_server->map_compressed_dir
        );

        // progress messages first, then the error (if any)
        foreach ($map_entry_remove_result->messages as $value) {
            print_line_inset("{$value}<br/>", 2);
        }
        if (!$map_entry_remove_result->success) {
            print_line_inset($map_entry_remove_result->error_message, 2);
        }
    } else {
        print_line_inset("No file id provided", 2);
    }
}
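<?php } ?>
            </tr>
<?php
    require_once 'admin/map_database/map_entry_list.php';

    // Print one table row per map entry. The values come from the database and are
    // written into HTML text and into a single-quoted attribute, so each one is
    // escaped (ENT_QUOTES covers the single quote used for the attribute).
    $map_entry_list = GetMapEntryList($database);
    foreach ($map_entry_list as $value) {
        print_line_inset("<tr>", 4);
        print_line_inset("<td>" . htmlspecialchars((string) $value->map_name, ENT_QUOTES, 'UTF-8') . "</td>", 5);
        print_line_inset("<td>" . htmlspecialchars((string) $value->map_extension, ENT_QUOTES, 'UTF-8') . "</td>", 5);
        print_line_inset("<td>" . htmlspecialchars((string) $value->map_processed, ENT_QUOTES, 'UTF-8') . "</td>", 5);

        // only print the delete entry form if the user's permissions allow it
        // NOTE(review): the form carries no anti-CSRF token; confirm the handler
        // for 'map_entry_remove' verifies one (or add a hidden token field here).
        if ($can_delete_map_entries) {
            print_line_inset("<td>", 5);
            print_line_inset("<form name='map_addition_form' method='post' action=''>", 6);
            print_line_inset("<div>", 7);
            print_line_inset("<input type='hidden' name='map_database'/>", 8);
            print_line_inset("<input type='hidden' name='map_entry_remove' value='" . htmlspecialchars((string) $value->map_file_id, ENT_QUOTES, 'UTF-8') . "'/>", 8);
            print_line_inset("<input class='form_button_100px' type='submit' value='Remove Entry'/>", 8);
            print_line_inset("</div>", 7);
            print_line_inset("</form>", 6);
            print_line_inset("</td>", 5);
        }
        print_line_inset("</tr>", 4);
    }
?>
        </table>
    </div>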
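/**
 * Handles the "add user" form post.
 *
 * When $_POST['user_add_username'] is present, creates the account with a
 * randomly generated initial password and the permissions ticked on the form,
 * and prints the outcome (including the generated password) to the page.
 * The permission check on the acting account is the $can_create_users global.
 *
 * @return UserAddResult success/error_message plus the submitted name, flags and password.
 */
function ProcessUserAdd()
{
    global $database;
    global $can_create_users;

    $result = new UserAddResult();

    if (!$can_create_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to add new users.";
        return $result;
    }

    $result->user_name = "";
    $result->user_can_create_map_entry = false;
    $result->user_can_delete_map_entry = false;
    $result->user_can_edit_map_entry = false;
    $result->user_can_create_users = false;
    $result->user_can_delete_users = false;
    $result->user_can_edit_users = false;

    if (isset($_POST['user_add_username'])) {
        // a non-string value (e.g. user_add_username[]=x) is treated as "no username"
        $result->user_name = is_string($_POST['user_add_username']) ? $_POST['user_add_username'] : "";

        // NOTE(review): the flags below come straight from the form. Nothing here
        // limits them to permissions the acting account holds itself - confirm that
        // every account with create-user rights is meant to be able to grant all of them.
        $result->user_can_create_map_entry = isset($_POST['user_add_can_create_map_entry']);
        $result->user_can_delete_map_entry = isset($_POST['user_add_can_delete_map_entry']);
        $result->user_can_edit_map_entry = isset($_POST['user_add_can_edit_map_entry']);
        $result->user_can_create_users = isset($_POST['user_add_can_create_users']);
        $result->user_can_delete_users = isset($_POST['user_add_can_delete_users']);
        $result->user_can_edit_users = isset($_POST['user_add_can_edit_users']);

        print_line_inset("<h3>Output</h3>", 2);

        if (empty($result->user_name)) {
            print_line_inset("No username set.<br/><br/>", 2);
        } else {
            $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
            $user_read->ExecuteQuery(array($result->user_name));

            if ($user_read->MoveNext()) {
                print_line_inset("An account with that username already exists.<br/><br/>", 2);
            } else {
                // generate a random password for the new user account.
                // str_shuffle() is not a cryptographic generator and never repeats a
                // character; draw each character from the CSPRNG instead.
                // random_int() needs PHP 7.0 or later.
                $alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
                $last_index = strlen($alphabet) - 1;
                $result->user_password = "";
                for ($i = 0; $i < 8; $i++) {
                    $result->user_password .= $alphabet[random_int(0, $last_index)];
                }

                $user_write = new UserWrite($database, "INSERT INTO `map_server_users` ({0}) VALUES ({1})");

                // NOTE(review): this looks like phpass, where a true second argument
                // selects the portable (MD5-based) hash format - confirm, and consider
                // password_hash()/password_verify() for new accounts.
                $password_hash = new PasswordHash(8, true);
                $user_write->username = $result->user_name;
                $user_write->password_hash = $password_hash->HashPassword($result->user_password);

                // start from no permissions explicitly, as ProcessUserEdit does,
                // rather than relying on whatever UserWrite initialises these to
                $user_write->map_database_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;
                $user_write->user_control_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;

                if ($result->user_can_create_map_entry) {
                    $user_write->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
                }
                if ($result->user_can_delete_map_entry) {
                    $user_write->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
                }
                if ($result->user_can_edit_map_entry) {
                    $user_write->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
                }
                if ($result->user_can_create_users) {
                    $user_write->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
                }
                if ($result->user_can_delete_users) {
                    $user_write->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
                }
                if ($result->user_can_edit_users) {
                    $user_write->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
                }

                $user_write->ExecuteQuery(NULL);

                // The two value expressions below were masked ("******") in the listing;
                // they are restored from the surrounding code. The user name is request
                // data written into HTML, so it is escaped.
                print_line_inset("New user added!<br/>", 2);
                print_line_inset("Username: " . htmlspecialchars($result->user_name, ENT_QUOTES, 'UTF-8') . "<br/>", 2);
                print_line_inset("Password: " . htmlspecialchars($result->user_password, ENT_QUOTES, 'UTF-8') . "<br/>", 2);
                print_line_inset("<br/>", 2);
                print_line_inset("This password is randomly generated and should be changed by the user.<br/>", 2);
                print_line_inset("<br/>", 2);
            }
        }
    }

    $result->success = true;
    return $result;
}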
<?php
/*
    Yelo: Open Sauce SDK
        Halo 1 (CE) Edition

    See license\OpenSauce\Halo1_CE for specific license information
*/

// Endpoint that runs ProcessAddMapEntry() and prints its messages.

// Sent before any output: stops the response being cached, so the tables are
// refreshed when the page is reloaded.
header("Cache-Control: no-store, no-cache, must-revalidate");

// "*admin include path*" is a placeholder that has to be replaced on deployment.
set_include_path("*admin include path*");

require_once "admin/common/config.php";
require_once "admin/common/print.php";
require_once "admin/common/user_account.php";
require_once "admin/common/sql_database.php";
require_once "admin/map_database/map_entry_add_func.php";

// NOTE(review): $can_create_map_entries is not assigned in this script; presumably
// one of the includes above derives it from the signed-in account - confirm, since
// this is the only access check in this file.
if (!$can_create_map_entries) {
    exit("Your user account does not have sufficient privileges to add map entries.");
}

// the script timeout is raised to 5000 seconds before the entry is processed
ini_set('max_execution_time', 5000);

$add_map_entry_result = ProcessAddMapEntry();

// progress messages first, then the error (if any)
foreach ($add_map_entry_result->messages as $value) {
    print_line_inset("{$value}<br/>", 2);
}
if (!$add_map_entry_result->success) {
    print_line_inset($add_map_entry_result->error_message, 2);
}
$part_file = $file_info["dirname"] . "/" . $value->name; // delete the part if (file_exists($part_file)) { if (!unlink($part_file)) { $can_delete_map_entries->success = false; $can_delete_map_entries->error_message = "Failed to delete file. (" . $part_file . ")"; return $result; } else { $result->messages[] = "File deleted successfully. (" . $part_file . ")"; } } else { $result->messages[] = "WARNING: File does not exist:" . $part_file . ""; } } } // try and delete the file if (!unlink($map_file)) { $result->messages[] = "WARNING: Failed to delete file. (" . $map_file . ")"; } else { $result->messages[] = "File deleted successfully. (" . $map_file . ")"; } $result->success = true; return $result; } $map_file_delete_result = ProcessMapFileDelete(); foreach ($map_file_delete_result->messages as $value) { print_line_inset($value . "<br/>", 2); } if (!$map_file_delete_result->success) { print_line_inset($map_file_delete_result->error_message, 2); }
/**
 * Handles the "edit user" form post.
 *
 * Loads the account named in $_POST["user_edit"] and copies its permission
 * flags into the result. When $_POST['user_edit_save'] is present, the flags
 * are replaced by the posted checkboxes and written back to the database.
 *
 * @return UserEditResult success/error_message, user_name and the six permission flags.
 */
function ProcessUserEdit()
{
    global $database;
    global $current_user;
    global $can_edit_users;

    $result = new UserEditResult();

    // only allow users with the required privileges to edit users
    if (!$can_edit_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to edit users.";
        return $result;
    }

    // verify the username has been set (empty() is also true for a missing key)
    if (empty($_POST["user_edit"])) {
        $result->success = false;
        $result->error_message = "No username to edit provided.";
        return $result;
    }
    $result->user_name = $_POST["user_edit"];

    // prevent the currently signed in user from being edited
    // NOTE(review): exact, case-sensitive comparison - if the username column uses
    // a case-insensitive collation a differently-cased name would pass; confirm.
    if ($result->user_name === $current_user) {
        $result->success = false;
        $result->error_message = "You cannot edit the currently logged in user.";
        return $result;
    }

    $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
    $user_read->ExecuteQuery(array($result->user_name));
    if (!$user_read->MoveNext()) {
        $result->success = false;
        $result->error_message = "Unable to find user in database.";
        return $result;
    }

    // permission column => result field => (posted checkbox name, permission flag)
    $permission_groups = array(
        'map_database_permissions' => array(
            'user_can_create_map_entry' => array('user_edit_can_create_map_entry', AccessPermissions::ACCESS_PERMISSIONS_CREATE),
            'user_can_delete_map_entry' => array('user_edit_can_delete_map_entry', AccessPermissions::ACCESS_PERMISSIONS_DELETE),
            'user_can_edit_map_entry' => array('user_edit_can_edit_map_entry', AccessPermissions::ACCESS_PERMISSIONS_EDIT),
        ),
        'user_control_permissions' => array(
            'user_can_create_users' => array('user_edit_can_create_users', AccessPermissions::ACCESS_PERMISSIONS_CREATE),
            'user_can_delete_users' => array('user_edit_can_delete_users', AccessPermissions::ACCESS_PERMISSIONS_DELETE),
            'user_can_edit_users' => array('user_edit_can_edit_users', AccessPermissions::ACCESS_PERMISSIONS_EDIT),
        ),
    );

    // report the permissions currently stored for the account
    foreach ($permission_groups as $column => $fields) {
        foreach ($fields as $field => $spec) {
            $flag = $spec[1];
            $result->$field = ($user_read->$column & $flag) == $flag;
        }
    }

    if (isset($_POST['user_edit_save'])) {
        // NOTE(review): the new flags come straight from the form and are not limited
        // to permissions the acting account holds itself - confirm that is intended.
        foreach ($permission_groups as $fields) {
            foreach ($fields as $field => $spec) {
                $result->$field = isset($_POST[$spec[0]]);
            }
        }

        $user_update = new UserUpdate($database, "UPDATE `map_server_users` SET {0} WHERE username = ?");

        // name and password hash are carried over from the stored row unchanged
        $user_update->username = $user_read->username;
        $user_update->password_hash = $user_read->password_hash;

        // rebuild both permission masks from nothing so unticked boxes revoke access
        $user_update->map_database_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;
        $user_update->user_control_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;
        foreach ($permission_groups as $column => $fields) {
            foreach ($fields as $field => $spec) {
                if ($result->$field) {
                    $user_update->$column |= $spec[1];
                }
            }
        }

        $user_update->ExecuteQuery(array($user_read->username));

        print_line_inset("<h3>Output</h3>", 2);
        print_line_inset("Changes saved.<br/><br/>", 2);
    }

    $result->success = true;
    return $result;
}