Beispiel #1
<?php

/*
* CloudLevels, an easy way to share user created level files for video games.
* Copyright (C) 2016 Alexander Aquino
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program.  If not, see <http://www.gnu.org/licenses/>.
*/
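//CloudLevels Logout Page
//Header + Vars:
$page_title = 'Log Out';
include 'header.php';
//Destroy Session
//session_destroy() only discards the stored session data: the $_SESSION
//array stays populated for the rest of this request and the browser keeps
//its session cookie. Clear both so code that runs later in this request
//(footer.php included) no longer sees the old login and the old session id
//is not presented again by the browser.
$_SESSION = array();
if (ini_get('session.use_cookies') && !headers_sent()) {
    $cookie_params = session_get_cookie_params();
    //A timestamp in the past tells the browser to drop the cookie
    setcookie(session_name(), '', time() - 42000, $cookie_params['path'], $cookie_params['domain'], $cookie_params['secure'], $cookie_params['httponly']);
}
//Assumes header.php has already started the session - TODO confirm
session_destroy();
//Refresh
header("Refresh:2;url=index.php");
//Message
successbox('You have been logged out.');
//Footer
include 'footer.php';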
Beispiel #2
//Gate: only a visitor whose $user_type equals -1 may continue. Anyone else
//gets the error box and the footer, and the script stops here.
if (!($user_type == -1)) {
    errorbox('You do not have permission to view this page.');
    include 'footer.php';
    exit(0);
}
//When there is input data
if (!empty($_POST["username"])) {
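    //Check if password is correct, index if correct, error otherwise
    try {
        $stmt = $db->prepare("\n\t\t\tSELECT id, username, password\n\t\t\tFROM cl_user\n\t\t\tWHERE username = ?");
        $stmt->execute(array($_POST["username"]));
        $result = $stmt->fetchAll();
        //An unknown username returns no rows; fall back to an empty hash so
        //the check below fails instead of reading a missing array index
        $passhash = isset($result[0]['password']) ? (string) $result[0]['password'] : '';
        $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
        //Compare password hash
        //password_verify() accepts any crypt()-format hash and compares in
        //constant time, unlike a loose == between two hash strings
        if ($passhash !== '' && password_verify($password, $passhash)) {
            //Switch to a fresh session id before marking the session as
            //logged in, so an id that was known before login is not carried
            //over into the authenticated session (session fixation)
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            successbox('Logging in. Please wait.');
            //Session set
            $_SESSION['uid'] = $result[0]['id'];
            //Refresh
            header("Refresh:2;url=index.php");
        } else {
            //Same message for unknown user and wrong password
            errorbox('Invalid login information.');
        }
    } catch (PDOException $ex) {
        errorbox('Something happened.');
    }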
} else {
    ?>
		
		<br>
		<div class="container">
Beispiel #3
                $stmt->execute(array($_POST["username"]));
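                //If user exists
                if ($stmt->rowCount() > 0) {
                    errorbox('User already exists.');
                } else {
                    //Check if IP address exists
                    $stmt = $db->prepare("\n\t\t\t\t\tSELECT *\n\t\t\t\t\tFROM cl_user\n\t\t\t\t\tWHERE ip = ?");
                    $stmt->execute(array($_SERVER['REMOTE_ADDR']));
                    //If IP address exists
                    if ($stmt->rowCount() > 0) {
                        errorbox('You are only allowed to have one account.');
                    } else {
                        date_default_timezone_set('America/New_York');
                        $stmt = $db->prepare("\n\t\t\t\t\t\tINSERT INTO cl_user(username, password, date, ip)\n\t\t\t\t\t\tVALUES(?,?,?,?)");
                        //crypt() without a salt produces a weak hash on older
                        //PHP versions and is rejected by PHP 8. password_hash()
                        //generates its own salt and its output is still in
                        //crypt() format, so existing crypt()-based checks
                        //keep accepting it.
                        //NOTE(review): a bcrypt hash is 60 characters long -
                        //confirm the cl_user.password column is wide enough.
                        //NOTE(review): the username is stored HTML-escaped
                        //here while the existence check above looks up the
                        //raw value, so a name containing & < > " is checked
                        //under one spelling and stored under another.
                        $stmt->execute(array(htmlspecialchars($_POST["username"]), password_hash($_POST["password"], PASSWORD_DEFAULT), date("F j, Y"), $_SERVER['REMOTE_ADDR']));
                        successbox('Your account has been created. Please log in.');
                    }
                }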
            } catch (PDOException $ex) {
                $db->rollBack();
                errorbox('Account could not be created. Hit the back button and try again.');
            }
        }
    }
} else {
    ?>
		
		<br>
		<div class="container">
			<div class="row card hoverable">
				<span class="col s12 card-title <?php 
Beispiel #4
        //Increment upload count
        $stmt = $db->prepare("\n\t\t\tUPDATE cl_user\n\t\t\tSET uploads = uploads+1\n\t\t\tWHERE id = ?");
        $stmt->execute(array($_SESSION['uid']));
        //End
        $db->commit();
    } catch (PDOException $ex) {
        $db->rollBack();
        errorbox('Upload failed. Please try again later.');
        include 'footer.php';
        exit(0);
    }
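    //Actually upload the files
    //NOTE(review): type and size validation of the two uploads is not visible
    //in this excerpt - confirm it runs before this point and that the web
    //server does not execute scripts placed under data/.
    //move_uploaded_file() returns false when the move fails; check both
    //results so a failed move is not reported as a successful upload.
    $zip_saved = move_uploaded_file($_FILES["file"]["tmp_name"], "data/" . $last_id . ".zip");
    $png_saved = move_uploaded_file($_FILES["screenshot"]["tmp_name"], "data/" . $last_id . ".png");
    if (!$zip_saved || !$png_saved) {
        //NOTE(review): the database changes above are already committed at
        //this point, so the record is left without its files - consider
        //cleaning it up here.
        errorbox('Upload failed. Please try again later.');
        include 'footer.php';
        exit(0);
    }
    //Success!
    successbox('File uploaded. Please wait.');
    //Refresh
    header("Refresh:2;url=file.php?id=" . $last_id);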
} else {
    ?>
		
		<br>
		<div class="container">
			<div class="row card hoverable">
				<span class="col s12 card-title <?php 
    echo $theme;
    ?>
 white-text center" style="font-size: 200%;">Upload File</span>
				<form action="upload.php" method="post" enctype="multipart/form-data" class="col s12 m10 l8 offset-m1 offset-l2">
					<div class="file-field input-field">
						<div class="btn <?php 
Beispiel #5
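    try {
        //Check password
        //Strict comparison: with != two different numeric-looking strings
        //such as "1e3" and "1000" compare as equal, so a mistyped
        //confirmation could be accepted
        if ($_POST["password_confirm"] !== $_POST["password_new"]) {
            errorbox('New password and confirm password mismatch.');
        } else {
            //SQL Stuff
            $stmt = $db->prepare("\n\t\t\t\tSELECT username, password\n\t\t\t\tFROM cl_user\n\t\t\t\tWHERE username = ?");
            $stmt->execute(array($user_name));
            $result = $stmt->fetchAll();
            //No row for $user_name: use an empty hash so the check below
            //fails instead of reading a missing array index
            $passhash = isset($result[0]['password']) ? (string) $result[0]['password'] : '';
            $old_password = (isset($_POST["password_old"]) && is_string($_POST["password_old"])) ? $_POST["password_old"] : '';
            //Compare password hash
            //password_verify() accepts any crypt()-format hash and compares
            //in constant time
            if ($passhash !== '' && password_verify($old_password, $passhash)) {
                //SQL Stuff
                $stmt = $db->prepare("\n\t\t\t\t\tUPDATE cl_user\n\t\t\t\t\tSET password = ?\n\t\t\t\t\tWHERE username = ?");
                //crypt() without a salt is weak on older PHP and rejected by
                //PHP 8; password_hash() salts automatically.
                //NOTE(review): a bcrypt hash is 60 characters long - confirm
                //the cl_user.password column is wide enough.
                $stmt->execute(array(password_hash($_POST["password_new"], PASSWORD_DEFAULT), $user_name));
                successbox('Your password has been changed.');
            } else {
                errorbox('Wrong password');
            }
        }
    } catch (PDOException $ex) {
        errorbox('Something happened.');
    }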
}
?>
		
		<br>
		<div class="container">
			<div class="row card hoverable">
				<span class="col s12 card-title <?php 
echo $theme;
Beispiel #6
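 //Modify members if specified
 //NOTE(review): this changes a user's group from GET parameters; neither the
 //administrator check nor an anti-CSRF token is visible in this excerpt -
 //confirm both exist before this point.
 if (!empty($_GET["user"]) && is_string($_GET["user"])) {
     if ($_GET["user"] == $user_name) {
         errorbox('You can not demote yourself!');
     } else {
         //Only the three group ids this page reports on may be written;
         //any other value for "update" is rejected before the UPDATE runs
         $group_messages = array(
             '0' => " is now a regular member.",
             '1' => " has been banned. Good bye!",
             '2' => " is now an administrator.",
         );
         $requested_group = (isset($_GET["update"]) && is_string($_GET["update"])) ? $_GET["update"] : '';
         if (isset($group_messages[$requested_group])) {
             //SQL Stuff
             $stmt = $db->prepare("\n\t\t\t\tUPDATE cl_user\n\t\t\t\tSET usergroup = ?\n\t\t\t\tWHERE username = ?");
             $stmt->execute(array($requested_group, $_GET["user"]));
             //The name comes straight from the query string, so escape it
             //before it is placed in the page.
             //NOTE(review): assumes successbox() prints its argument without
             //escaping - confirm, to avoid double escaping.
             successbox(htmlspecialchars($_GET["user"], ENT_QUOTES, 'UTF-8') . $group_messages[$requested_group]);
         } else {
             errorbox('Invalid user group.');
         }
     }
 }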
 //Get Member data
 //ORDER BY column: always one of two fixed names ('uploads' when
 //sort=uploaded, otherwise 'id'); the request text itself never reaches
 //the SQL string
 $append = (!empty($_GET["sort"]) && $_GET["sort"] == 'uploaded') ? 'uploads' : 'id';
 //Optional username filter, added as a fixed clause with a ? placeholder
 $append2 = !empty($_GET["username"]) ? 'WHERE username = ?' : '';
 //page_sql_calc(25) is appended as-is; presumably it yields the paging
 //clause - verify against its definition
 $stmt = $db->prepare("\n\t\tSELECT SQL_CALC_FOUND_ROWS *\n\t\tFROM cl_user\n\t\t" . $append2 . "\n\t\tORDER BY " . $append . " DESC\n\t\t" . page_sql_calc(25));
Beispiel #7
*/
//CloudLevels View All Comments
//Header + Vars:
$page_title = 'All Comments';
include 'header.php';
//Delete comments
//Runs only when $user_type is 2 and a non-empty deletecomment parameter is
//present; every path through this branch ends the script.
//NOTE(review): the delete is triggered by a GET parameter and no anti-CSRF
//token is checked in this excerpt - confirm one is enforced elsewhere.
if (!empty($_GET["deletecomment"]) && $user_type == 2) {
    try {
        //The comment id is bound as a parameter, never concatenated
        $stmt = $db->prepare("\r\n\t\t\t\tDELETE FROM cl_comment\r\n\t\t\t\tWHERE id = ?");
        $stmt->execute([$_GET["deletecomment"]]);
    } catch (PDOException $ex) {
        errorbox('Something happened.');
        include 'footer.php';
        exit(0);
    }
    successbox('Comment deleted. Please wait.');
    header("Location:comments.php");
    include 'footer.php';
    exit(0);
}
//Load comments joined with their authors, highest comment id first, plus
//the total row count. Defaults stay in place if the query fails.
$num_rows = 0;
$comments = null;
try {
    //page_sql_calc(10) is appended as-is; presumably it yields the paging
    //clause - verify against its definition
    $stmt = $db->prepare("\r\n\t\tSELECT SQL_CALC_FOUND_ROWS *\r\n\t\tFROM cl_comment JOIN cl_user ON cl_comment.author=cl_user.id\r\n\t\tORDER BY cl_comment.id DESC\r\n\t\t" . page_sql_calc(10));
    $stmt->execute();
    $comments = $stmt->fetchAll();
    //FOUND_ROWS() is read right after the SQL_CALC_FOUND_ROWS query above
    $num_rows = $db->query('SELECT FOUND_ROWS()')->fetchColumn();
} catch (PDOException $ex) {
    errorbox('Something happened.');
}
?>
Beispiel #8
    fwrite($configfile, "\$db_password='******';\n");
    fwrite($configfile, "\$db_database='" . $db_database . "';\n");
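    //Write default configuration stuff
    //These values are written into a PHP file that is later executed, so
    //each one must be a correctly quoted string literal. var_export() emits
    //the whole literal, quotes included. addslashes() also put a backslash
    //in front of every double quote, which a single-quoted PHP literal
    //keeps, so such values gained an extra backslash on each save.
    //NOTE(review): confirm this request is limited to administrators and
    //protected against CSRF - neither check is visible in this excerpt.
    $config_fields = array(
        'site_name' => 'name',
        'site_desc' => 'description',
        'game_url' => 'download',
        'file_size_limit' => 'file_size',
        'tags' => 'tag_list',
        'theme' => 'theme',
        'reg_question' => 'reg_question',
        'reg_answer' => 'reg_answer',
    );
    foreach ($config_fields as $config_var => $post_key) {
        //A missing or non-string field is written as an empty string
        $config_value = (isset($_POST[$post_key]) && is_string($_POST[$post_key])) ? $_POST[$post_key] : '';
        fwrite($configfile, "\$" . $config_var . "=" . var_export($config_value, true) . ";\n");
    }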
    //Close file
    fwrite($configfile, "?>\n");
    fclose($configfile);
    //Message
    successbox('Settings updated. Please wait.');
    //Refresh
    header("Refresh:2");
} else {
    ?>
		
		<br>
		<div class="container">
			<div class="row card hoverable">
				<span class="col s12 card-title <?php 
    echo $theme;
    ?>
 white-text center" style="font-size: 200%;">Administrator Control Panel</span>
				<form action="admin.php" method="post" class="col s12 m10 l8 offset-m1 offset-l2">
					<div class="input-field col s12">
						<i class="fa fa-commenting-o prefix" aria-hidden="true"></i>