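/**
 * Get the active user's details, keyed by the user name stored in the session.
 *
 * The user name is read from $_SESSION['ipamusername'] and passed to
 * getUserDetailsByName(). This function does not start the session itself
 * (the session_start() call was already commented out in the original), so
 * the caller must have started it.
 *
 * Callers must treat a false return as "no logged-in user" and stop before
 * doing anything that requires authentication.
 *
 * @return mixed the value returned by getUserDetailsByName(), or false when
 *               the session holds no user name
 */
function getActiveUserDetails()
{
    # no user name in the session: report "not logged in"
    if (!isset($_SESSION['ipamusername'])) {
        return false;
    }

    # The original placed session_write_close() after both return statements,
    # where it could never run; the unreachable call has been dropped.
    return getUserDetailsByName($_SESSION['ipamusername']);
}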
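/**
 * Check the permission level the logged-in user has on a subnet.
 *
 * Decision order, as implemented below:
 *   1. no user name in the session               -> "0"
 *   2. user record has role "Administrator"      -> "3"
 *   3. no positive section permission for any of
 *      the user's groups                         -> "0"
 *   4. otherwise the highest subnet permission granted to any of the user's
 *      groups, or "0" when none of them is listed on the subnet.
 *
 * The section permission only gates access; the value returned in step 4
 * comes from the subnet's own permissions.
 *
 * The `groups` and `permissions` columns are JSON maps of group id => level.
 * They are decoded as arrays and anything that does not decode to an array is
 * treated as "no entries", so a missing or corrupt value denies access
 * instead of raising an error (sizeof() on null or on an object is a
 * TypeError on PHP 8).
 *
 * @param mixed $subnetId id passed to getSubnetDetailsById()
 * @return mixed "0" or "3", or the matching level exactly as stored in the
 *               permissions JSON
 */
function checkSubnetPermission($subnetId)
{
    # open session and get username
    if (!isset($_SESSION)) {
        session_start();
    }

    # not authenticated: no access
    if (empty($_SESSION['ipamusername'])) {
        return "0";
    }
    $username = $_SESSION['ipamusername'];

    # reuse the already loaded user record when the page provides one
    global $userDetails;
    $user = isset($userDetails) ? $userDetails : getUserDetailsByName($username);

    # fail closed when the session names a user that no longer resolves
    if (empty($user)) {
        return "0";
    }

    # if user is admin then return 3, otherwise check
    if (isset($user['role']) && $user['role'] === "Administrator") {
        return "3";
    }

    # get all user groups (group id => anything)
    $groups = isset($user['groups']) ? json_decode((string) $user['groups'], true) : null;
    if (!is_array($groups)) {
        $groups = array();
    }

    # Highest positive level in a decoded permission map among the user's groups.
    # Returns 0 when nothing matches. Group ids are matched as exact array keys
    # and non-numeric levels are ignored, so a malformed entry can never grant
    # access through loose comparison.
    $highestLevel = function ($permissions) use ($groups) {
        $best = 0;
        if (!is_array($permissions)) {
            return $best;
        }
        foreach ($permissions as $groupId => $level) {
            if (!is_numeric($level) || !array_key_exists($groupId, $groups)) {
                continue;
            }
            if ($level > $best) {
                $best = $level;
            }
        }
        return $best;
    };

    # get subnet permissions; an unknown subnet grants nothing
    $subnet = getSubnetDetailsById($subnetId);
    if (empty($subnet)) {
        return "0";
    }
    $subnetP = isset($subnet['permissions']) ? json_decode((string) $subnet['permissions'], true) : null;

    # get section permissions
    $section = getSectionDetailsById(isset($subnet['sectionId']) ? $subnet['sectionId'] : null);
    $sectionP = isset($section['permissions']) ? json_decode((string) $section['permissions'], true) : null;

    # if section permission == 0 then return 0
    if ($highestLevel($sectionP) == 0) {
        return "0";
    }

    # ok, user has section access, the subnet permission decides the result
    $out = $highestLevel($subnetP);

    # return result
    return $out == 0 ? "0" : $out;
}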
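<?php

/**
 *
 * phpipam installation page!
 *
 * Access rule implemented below: once the "vrf" table exists the application
 * counts as installed and every visitor is redirected away, UNLESS the stored
 * password hash of the "Admin" account still equals the shipped default hash.
 * While that default is in place this page stays reachable without
 * authentication, so the Admin password has to be changed as soon as the
 * installation is finished.
 *
 */

# check if php is built properly
include 'functions/checkPhpBuild.php';

# check for support for PHP modules and database connection

# if already installed than redirect !
if (tableExists("vrf")) {
    # we permit if admin pass is default!
    $admin = getUserDetailsByName("Admin");

    # crypt()-format hash of the default Admin password
    $defaultAdminHash = '$6$rounds=3000$JQEE6dL9NpvjeFs4$RK5X3oa28.Uzt/h5VAfdrsvlVe.7HgQUYKMXTJUsud8dmWfPzZQPbRbk8xJn1Kyyt4.dWm4nJIYhAV2mbOZ3g.';

    # a missing Admin record counts as "not default", i.e. redirect
    $storedAdminHash = isset($admin['password']) ? (string) $admin['password'] : '';

    # strict string comparison: no type juggling when comparing hashes
    if ($storedAdminHash !== $defaultAdminHash) {
        if (defined('BASE')) {
            header("Location: " . BASE . create_link(null));
        } else {
            header("Location: " . create_link(null));
        }
        # stop here so nothing of the installer is rendered after the redirect
        die;
    }
}

# printout
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<base href="<?php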
$echoS = "You should agree to comply with the rules."; } elseif (!$cgi['cheat']) { $echoS = "You should promise not to try to gain an unfair advantage by breaking the rules."; } elseif (!$cgi['account']) { $echoS = "You should agree to have ONLY one " . $conf["sitename"] . " account."; } elseif (!$cgi['turing'] || (strtolower($cgi['turing']) != strtolower($_SESSION['number']))) { $echoS = "You should type the text that you see on the image."; } else { //echo "Registering"; $isResistered = 1; $pas = genRandomPas(); createUser($cgi['username'], $cgi['race'], $cgi['email'], $pas, $cgi['uniqid']); if ($cgi['uniqid']) { updateUser($cgi['uniqid'], " uu=uu+10 "); } $us = getUserDetailsByName($cgi['username'], " ID "); addIP($HTTP_SERVER_VARS['REMOTE_ADDR'], $us->ID); //echo "==".$cgi['email']."=="; $html = "<html><body>Your name is: {$cgi['username']} <br>\n Your activation password is {$pas}</body></html>"; $plain = "Your name is: {$cgi['username']} \n Your activation password is {$pas}"; $email = new clsMAIL($cgi['email'], "World War II :: {$cgi['username']}", $html, $plain); $email->addheader("To", "\"$cgi[username]\" <$cgi[email]>"); if ($email->send()) { echo "<br><br><center><font color=red>Your activation password was sent to your e-mail.</font></center><br><br><br><br>"; } else { echo "There was an error sending the email message"; } //echo "--$ism--"; } }
# Translate the numeric severity into a label and a CSS colour class:
# 0 => Informational, 1 => Notice, anything else => Warning.
# switch compares loosely, exactly like the == checks it replaces.
switch ($log['severity']) {
    case 0:
        $log['severityText'] = _("Informational");
        $color = "success";
        break;
    case 1:
        $log['severityText'] = _("Notice");
        $color = "warning";
        break;
    default:
        $log['severityText'] = _("Warning");
        $color = "error";
}

/**
 * get user details for the account named in the log entry
 */
$user = getUserDetailsByName($log['username']);
?>

<!-- header -->
<div class="pHeader"><?php print _('Log details'); ?> </div>

<!-- content -->
<div class="pContent">
<table class="table table-striped table-condensed">
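/**
 * Create a user: insert a row into `UserDetails` and a matching row into `Ranks`.
 *
 * Every value is escaped with mysql_real_escape_string() before it is placed
 * in the SQL text. The original interpolated the raw arguments (user name,
 * e-mail, race, commander, ...) straight into the statement, which allows SQL
 * injection whenever any of them comes from a request.
 *
 * NOTE(review): the password is stored as an unsalted md5() digest, which is
 * not suitable for password storage. It is left unchanged here because the
 * code that verifies passwords is not part of this block; moving to
 * password_hash()/password_verify() has to be done on both sides together.
 *
 * NOTE(review): the raw mysql_error() text is printed to the page on failure,
 * as before; logging it server-side would avoid exposing database details.
 *
 * @param string $userName   user name; nothing is inserted when valchar() rejects it
 * @param mixed  $uniqueLink ignored: always replaced by genUniqueLink()
 * @return mixed null when the user name is rejected, otherwise $password
 *               (also returned when the first INSERT fails)
 */
function createUser($userName, $race, $email, $password, $commander, $active = 0, $uniqueLink = "", $dalevel = 0, $salevel = 0, $gold = 50000, $lastturntime = 0, $attackturns = 30, $up = 0, $calevel = 0, $sasoldiers = 0, $samercs = 0, $dasoldiers = 0, $damercs = 0, $uu = 200, $spies = 0)
{
    if (!$lastturntime) {
        $lastturntime = time();
    }

    // the caller-supplied link is never used
    $uniqueLink = genUniqueLink();

    if (!valchar($userName)) {
        return;
    }

    // values in the same order as the column list below
    $values = array(
        $userName, $race, $email, md5($password), $commander, $active, $uniqueLink, $dalevel, $salevel,
        $gold, $lastturntime, $attackturns, $up, $calevel,
        $sasoldiers, $samercs, $dasoldiers, $damercs, $uu, $spies,
    );

    // escape and quote every value so none of them can break out of its literal
    $quoted = array();
    foreach ($values as $value) {
        $quoted[] = "'" . mysql_real_escape_string((string) $value) . "'";
    }

    $str = "INSERT INTO `UserDetails` (userName,race,email,password,commander,active,uniqueLink,dalevel,salevel,"
        . " gold,lastturntime,attackturns,up,calevel,"
        . " sasoldiers,samercs,dasoldiers,damercs,uu,spies)"
        . " VALUES (" . implode(',', $quoted) . ")";

    //echo "<center>Your temporary password is: $password</center><br>";
    $q = mysql_query($str);
    if (!$q) {
        print ('Query failed: ' . mysql_error());
        return $password;
    }

    // look the new row up again to learn its ID for the Ranks table
    $us = getUserDetailsByName($userName);
    if (!is_object($us) || !isset($us->ID)) {
        // without an ID there is nothing valid to insert into Ranks
        return $password;
    }

    $userID = mysql_real_escape_string((string) $us->ID);
    $str = "INSERT INTO `Ranks` (userID) VALUES ('$userID') ";
    $q = mysql_query($str);

    return $password;
}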
# Severity 0 is "Informational", 1 is "Notice", every other value "Warning";
# $color carries the matching CSS class. Comparisons stay loose (==).
if ($log['severity'] == 0) {
    $color = "success";
    $log['severityText'] = _("Informational");
} elseif ($log['severity'] == 1) {
    $color = "warning";
    $log['severityText'] = _("Notice");
} else {
    $color = "error";
    $log['severityText'] = _("Warning");
}

/**
 * get user details for the account named in the log entry
 * NOTE(review): the meaning of the second argument (false) is defined by
 * getUserDetailsByName(), which is not shown here - confirm
 */
$user = getUserDetailsByName($log['username'], false);
?>

<!-- header -->
<div class="pHeader"><?php print _('Log details'); ?> </div>

<!-- content -->
<div class="pContent">
<table class="table table-striped table-condensed">