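/**
 * Regenerate the authorisation credentials (power_id / power_key) of one power.
 *
 * The power's database id is read from the request (`id`, GET or POST, passed
 * through the input class's XSS filter). The request is checked against the
 * form-validation rules configured for this action, the power row is loaded,
 * and both credential columns are replaced with fresh random strings.
 *
 * Responses are emitted through to_api_message():
 *   (0, <validation errors>)                  - form validation failed
 *   (0, 'unknow_power')                       - no power row for that id
 *   (1, 'update_power_success', $updateData) - the new credentials, disclosed once
 *   (0, 'update_power_failed')                - the model update returned a falsy value
 *
 * Request parameter: int id - database id of the power whose key is rotated.
 * @return void  nothing is returned; the JSON response is produced by to_api_message()
 */
public function regen_auth_key()
{
    $power_id = $this->input->get_post('id', TRUE);

    if ($this->form_validation->run() == FALSE) {
        $this->to_api_message(0, validation_errors());
        // Do not rely on to_api_message() terminating the request: a request
        // that failed validation must never reach the credential rotation below.
        return;
    }

    $power = $this->power->get($power_id);
    if (empty($power)) {
        $this->to_api_message(0, 'unknow_power');
        return;
    }

    // The generated values are credentials, so create_rand_string() has to be
    // backed by a cryptographically secure generator.
    // NOTE(review): the rand helper is not visible here - confirm its implementation.
    $this->load->helper('rand');
    $updateData = array(
        'power_id'  => create_rand_string(20),
        'power_key' => create_rand_string(32),
    );
    $where = array('id' => $power_id);

    // Operation-log text; recorded with outcome 1 (success) or 0 (failure) below.
    $op_description = sprintf("修改了%s权限的授权信息", $power['name']);

    $update = $this->power->update($updateData, $where);
    if ($update) {
        $this->add_op_log($op_description, 1);
        // The only place the new key is ever shown to the caller.
        $this->to_api_message(1, 'update_power_success', $updateData);
    } else {
        $this->add_op_log($op_description, 0);
        $this->to_api_message(0, 'update_power_failed');
    }
}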
/**
 * Authenticate a player (or the game administrator) and open a session.
 *
 * Credentials come either from the arguments ($pseudo / $mdp, used by the
 * partner login paths) or from the login form in $_POST ('pseudo', 'mdp', and
 * on the authorisation-code round-trip 'enc_pass' + 'auth_code').
 *
 * @param string $pseudo        login name; falls back to $_POST['pseudo'] when empty
 * @param string $mdp           clear-text password; falls back to $_POST['mdp'] when empty
 * @param int    $bpUserId      non-zero when the caller already authenticated the user
 *                              through BigPoint; skips the password and auth-code checks
 * @param bool   $returnSession when true, skip the login bookkeeping and the first-login
 *                              story page and return the new session id
 * @param int    $fbUserId      non-zero when authenticated through Facebook; skips only
 *                              the password check
 * @return string|null the session id when $returnSession is true, otherwise nothing;
 *                     the admin branch and the exit()-ing branches never return
 *
 * Side effects: sets login cookies, updates user_accounts / se_games, appends to
 * the user history, and echoes HTML on every error path. Assigns the globals
 * $p_user (the loaded account row) and, for the admin, $db_name.
 *
 * NOTE(review) - security defects visible in this function, listed once so a
 * maintainer does not have to rediscover them:
 *  - passwords are compared as unsalted md5 and, near the end, written back to the
 *    database in clear text (`mdp` column); password_hash()/password_verify() and
 *    dropping the clear-text column are the replacement.
 *  - every SQL statement is built by string interpolation; mysql_escape_string() is
 *    not connection-aware and was removed in PHP 7, and the final update inserts
 *    $_POST['mdp'] with no escaping at all. The queries need prepared statements.
 *  - the error branches (unknown user, wrong password, BigPoint redirect, auth-code
 *    form) only print a page; unless print_footer() terminates the request, execution
 *    falls through to the session-creation code below and a session is opened anyway.
 *    Confirm, and add an explicit return/exit in each branch.
 *  - the stored hash itself is accepted as a credential on the auth-code round-trip
 *    (it is echoed into a hidden field and compared directly), so a leaked
 *    user_accounts table allows direct login; a short-lived server-side token should
 *    carry that state instead.
 *  - the login cookies are set without HttpOnly/Secure flags, and user-controlled
 *    values ($login_name, $_SERVER['PHP_SELF']) are echoed into HTML without
 *    htmlspecialchars().
 */
function login_to_server($pseudo = '', $mdp = '', $bpUserId = 0, $returnSession = false, $fbUserId = 0) {
    global $p_user, $db_name, $directories, $st, $cw;
    // Argument wins over the form field; the escaped value is later reused in HTML as well.
    $login_name = mysql_escape_string($pseudo ? $pseudo : (string) $_POST['pseudo']);
    $agent_hash = hash_user_agent(); // presumably a digest of the User-Agent, bound to the session row below
    /********************** Admin Login *******************/
    if ($login_name == "Admin") {
        // The admin password is looked up in clear text against se_games.admin_pw.
        $password = mysql_escape_string((string) $_POST['mdp']);
        db("select * from se_games where admin_pw = '{$password}'");
        $games_info = dbr(1);
        if (empty($games_info)) {
            //invalid admin login
            insert_history(1, "Bad login Attempt");
            sleep(3); //so as to minimise trouble caused by people trying to guess the pass, and who don't know about the back button. :)
            exit("Login Failed. Do no pass go, do not collect your new Harvestor Mammoth.");
        } else {
            //Admin successfully logged into game
            $db_name = $games_info['db_name'];
            $session = create_rand_string(32); // NOTE(review): must be a CSPRNG to be a safe session id - confirm the helper
            SetCookie("login_id", 1, 0);
            SetCookie("login_name", "Admin", time() + 2592000); // 30 days
            SetCookie("session_id", $session, 0); // session cookie, no HttpOnly/Secure flags
            flush(); //send cookies immediatly
            $expire = time() + SESSION_TIME_LIMIT;
            insert_history(1, "Successfully logged into {$db_name}");
            dbn("update {$db_name}_users set game_login_count = game_login_count + 1 where login_id = '1'");
            dbn("update se_games set session_id = '{$session}', session_exp = '{$expire}', user_agent = '{$agent_hash}' where db_name = '{$db_name}'");
            echo "<script>self.location='location.php';</script> <noscript>You cannot login without JavaScript. Please enable Javascript, or use a browser that supports it.</noscript>";
            exit;
        }
    } elseif (preg_match("/^admin\$/i", $login_name)) {
        //other spelling of admin.
        sleep(5);
        exit("Sod off - you can't even spell 'admin' properly can you?");
    }
    /*************************User Login************************/
    db("select * from user_accounts where login_name = '{$login_name}'");
    $p_user = dbr(1);
    if (!isset($_POST['enc_pass']) || $mdp) {
        //user entered pass on login form
        // Unsalted md5 - see the review note in the docblock.
        $enc_pass = md5($mdp ? $mdp : $_POST['mdp']);
        $pre_enc_pass = 0;
    } else {
        //pass coming from being hidden in auth. so set pre_enc to ensure auth is checked.
        // The client-supplied hash is trusted as the credential here.
        $enc_pass = $_POST['enc_pass'];
        $pre_enc_pass = 1;
    }
    if (empty($p_user)) {
        //incorrect username
        // $st / $cw look like message tables; $login_name is echoed unescaped for HTML.
        print_header($cw['login_problem']);
        echo "<blockquote>" . sprintf($st[1816], $login_name) . "<br />\r\n\t\t" . $st[1817] . "<p />\r\n\t\t<p /> <a href='inscription.php'>\r\n\t\t" . $cw['sign_up2'] . "</a> <p /> <a href=\"" . URL_PREFIX . "/index.php\">" . $st[1818] . "</a></b></blockquote>";
        print_footer();
    } elseif ($enc_pass != $p_user['passwd'] && !$bpUserId && !$fbUserId) {
        //incorrect password
        // Loose != on hash strings is subject to numeric-string juggling; hash_equals()
        // is the constant-time, strict replacement.
        print_header($cw['bad_passwd']);
        echo "<blockquote><b>" . $st[1819] . "<br />" . $st[1820] . "\r\n\t\t<p /><a href=\"javascript:history.back()\">" . $st[1818] . "</a></b><p />" . $st[789] . " ? <a href=change_pass.php?stage_one=1>" . $cw['click_here'] . "</a></blockquote><p />";
        insert_history($p_user['login_id'], $cw['bad_login']);
        print_footer();
    } elseif ($p_user['bp_user_id'] && !$bpUserId) {
        // BigPoint-registered player attempting a classic login: redirect them to the partner portal.
        print_header("Problème de connexion");
        echo "<blockquote><b>Erreur</b><br /><br />Il semble que vous vous soyez inscrit via notre partenaire <a href='http://www.bigpoint.com/' target='_blank'>BigPoint</a>, veuillez utiliser <a href='http://fr.bigpoint.com/games/astravires/' target='_blank'>la fiche jeu Astra Vires</a> sur son portail pour vous connecter.</blockquote><p />";
        insert_history($p_user['login_id'], 'Joueur BP connexion classique');
        print_footer();
        //valid username/pass combination.
        //But MUST enter a auth code to continue, as pre_enc_pass was set.
        //or no auth code yet entered, and sendmail is set
    } elseif ($pre_enc_pass == 1 || $p_user['auth'] != 0 || $bpUserId) {
        //get user to enter auth code.
        // Precedence: (empty(code) || (code != auth && auth != 0)) && !bp - parenthesise
        // explicitly if this is ever touched.
        if ((empty($_POST['auth_code']) || $_POST['auth_code'] != $p_user['auth'] && $p_user['auth'] != 0) && !$bpUserId) {
            print_header("Authorisation Code Required");
            $rs = ""; // unused
            if (empty($_POST['auth_code'])) {
                echo "Please enter the Authorisation Code that was sent to your email address:<br /><br />";
            } else {
                echo "Authorisation Code did not match.<br />";
            }
            // PHP_SELF, $login_name and the password hash are written into HTML unescaped.
            echo "<form name=get_var_form action={$_SERVER['PHP_SELF']} method=POST>";
            echo "<input type=hidden name=l_name value='{$login_name}'><input type=hidden name=enc_pass value='{$enc_pass}'>";
            echo "<input type=text name=auth_code value='' size=20> - ";
            echo "<input type=submit value=Submit></form>";
            print_footer();
        } elseif ($_POST['auth_code'] == $p_user['auth'] || $bpUserId) {
            // Code accepted: clear it so it cannot be replayed.
            dbn("update user_accounts set auth = '0' where login_id = '{$p_user['login_id']}'");
        } else {
            print_page("hmm", "Something Broke");
        }
    }
    /*****************User successfully logged in***********************/
    // Reached by every branch above that did not exit() - see the docblock.
    if ($p_user['mdp']) {
        // NOTE(review): appears to hand the clear-text mdp column to the cookie helper - verify what it stores.
        setAutoLoginCookie($p_user['login_id'], $p_user['login_name'], $p_user['mdp']);
    }
    $session = create_rand_string(32);
    SetCookie("login_id", $p_user['login_id'], time() + 2592000);
    SetCookie("login_name", $p_user['login_name'], time() + 2592000);
    SetCookie("session_id", $session, 0);
    $expire = time() + SESSION_TIME_LIMIT;
    if (!$returnSession) {
        // NOTE(review): the "******" fragment appears to be an extraction/redaction artifact
        // in this listing (it breaks the string literal); the original presumably wrote the
        // current timestamp here - confirm against the repository.
        dbn("update user_accounts set last_login = "******", session_id = '{$session}', session_exp = '{$expire}', last_ip = '" . $_SERVER['REMOTE_ADDR'] . "', login_count = login_count + 1, user_agent = '{$agent_hash}' where login_id = '{$p_user['login_id']}'");
        insert_history($p_user['login_id'], "Logged Into GameList");
    } else {
        dbn("update user_accounts set session_id = '{$session}', session_exp = '{$expire}' where login_id = '{$p_user['login_id']}'");
    }
    // update the password in clear to delete the encrypted one in the future
    // Stores the clear-text password, and interpolates $_POST['mdp'] into SQL with no
    // escaping. $p_user[login_id] is an unquoted key (a notice on old PHP, an Error on PHP 8).
    dbn("update user_accounts set mdp = '" . $_POST['mdp'] . "' where login_id = '" . $p_user[login_id] . "'");
    if ($p_user['last_login'] == 0 && !$returnSession) {
        //first login. show them the story.
        print_header("Histoire");
        //load story
        $results = load_xml("{$directories['includes']}/stories.xml");
        $story = $results['story']['Histoire'];
        echo "<a href='game_listing.php'>Continuer</a><br /><br />";
        echo "\n<a name=top><center><b>{$story['title']}</b></center></a><br>{$story['content']} <p />Ecrit par <b class=b1>{$story['author']}</b>";
        echo "<br /><br /><a href='game_listing.php'>Continuer</a>";
        $rs = ''; // unused
        print_footer();
    }
    if ($returnSession) {
        return $session;
    }
}
$since_last = array(0 => 0); $final_str .= "\n\n<hr><p>Beginning Server Maintenance...<p>"; /********************** * Quick Maints **********************/ //Change the tip for the day. db("select tip_id from daily_tips order by RAND() limit 1"); $tip_count = dbr(1); dbn("update se_central_table set todays_tip = '{$tip_count['tip_id']}'"); $final_str .= "\n<br />New tip chosen - tip # {$tip_count['tip_id']}...<br />"; //delete accounts that have not been authorised within a week $time_to_del_from = time() - 604800; dbn("delete from user_accounts where signed_up <= '{$time_to_del_from}' && session_exp = 0 && login_id > 5 && login_count = 0"); $final_str .= "\n<br />" . mysql_affected_rows() . " unauthorised user accounts deleted...<br />"; //change AI passwords daily. Wouldn't do to have someone get access to them. $p_pass = md5(create_rand_string(50)); dbn("update user_accounts set passwd = '{$p_pass}' where login_id = '2' || login_id = 3 || login_id = 4 || login_id = 5"); $final_str .= "\n<br />Special accounts pass changed...<br />"; //delete user history older than 3 weeks. dbn("delete from user_history where timestamp < " . time() . "-1814400"); $final_str .= "\n<br />" . mysql_affected_rows() . " old rows from the user_history deleted...<br />"; //delete posts to the central forum that are older than 3 weeks. dbn("delete from se_central_messages where timestamp < " . time() . "-1814400"); $final_str .= "\n<br />" . mysql_affected_rows() . " messages from the central forum were deleted...<br />"; print_time(); //backup the DB if requested. & delete old files if ($make_database_backups == 1) { backup_db(); print_time(); delete_old_backups($max_num_db_backups, "_db_backup"); print_time();
//user entered e-mail addy. Check it and send e-mail if valid } elseif (isset($_POST['stage_two'])) { print_header($cw['password_changing']); if (empty($_POST['mail_addy'])) { echo $st[1023] . ". {$back_link}."; } else { //Connect to the database db_connect(); db("select login_id, email_address, real_name from user_accounts where email_address = '" . mysql_escape_string($_POST['mail_addy']) . "'"); $account_details = dbr(1); if (empty($account_details['login_id'])) { //couldn't find account echo $st[1024] . "{$back_link}"; } else { //create the random string $changing_data = create_rand_string(32); //enter number, and timestamp into db. dbn("update user_accounts set pass_change = '" . $changing_data . "*" . time() . "' where login_id = '{$account_details['login_id']}'"); //create the url $url = URL_PREFIX . "/change_pass.php?data_var=" . $changing_data . "&lid=" . $account_details['login_id']; $message = sprintf($st[1025], $account_details[real_name]) . SERVER_NAME . sprintf($st[1026], $url); //try to send the mail if (send_mail(SERVER_NAME, $_SERVER['SERVER_ADMIN'], $account_details['real_name'], $account_details['email_address'], SERVER_NAME . $cw['password_reset'], $message)) { echo $st[1027]; } else { echo $st[1028]; echo $st[1029]; } } } //user has clicked the link