/**
* Get active users username - from session!
*/
function getActiveUserDetails()
{
/* session_start(); */
if (isset($_SESSION['ipamusername'])) {
return getUserDetailsByName($_SESSION['ipamusername']);
} else {
return false;
}
session_write_close();
}
/**
* Check subnet permissions
*/
function checkSubnetPermission($subnetId)
{
# open session and get username / pass
if (!isset($_SESSION)) {
session_start();
}
# redirect if not authenticated */
if (empty($_SESSION['ipamusername'])) {
return "0";
} else {
$username = $_SESSION['ipamusername'];
}
# get all user groups
global $userDetails;
if (!isset($userDetails)) {
$user = getUserDetailsByName($username);
} else {
$user = $userDetails;
}
$groups = json_decode($user['groups']);
# if user is admin then return 3, otherwise check
if ($user['role'] == "Administrator") {
return "3";
}
# get subnet permissions
$subnet = getSubnetDetailsById($subnetId);
$subnetP = json_decode($subnet['permissions']);
# get section permissions
$section = getSectionDetailsById($subnet['sectionId']);
$sectionP = json_decode($section['permissions']);
# default permission
$out = 0;
# for each group check permissions, save highest to $out
if (sizeof($sectionP) > 0) {
foreach ($sectionP as $sk => $sp) {
# check each group if user is in it and if so check for permissions for that group
foreach ($groups as $uk => $up) {
if ($uk == $sk) {
if ($sp > $out) {
$out = $sp;
}
}
}
}
} else {
$out = "0";
}
# if section permission == 0 then return 0
if ($out == "0") {
return "0";
} else {
$out = "0";
# ok, user has section access, check also for any higher access from subnet
if (sizeof($subnetP) > 0) {
foreach ($subnetP as $sk => $sp) {
# check each group if user is in it and if so check for permissions for that group
foreach ($groups as $uk => $up) {
if ($uk == $sk) {
if ($sp > $out) {
$out = $sp;
}
}
}
}
}
}
# return result
return $out;
}
<?php
/**
*
* phpipam installation page!
*
*/
# check if php is built properly
include 'functions/checkPhpBuild.php';
# check for support for PHP modules and database connection
# if already installed than redirect !
if (tableExists("vrf")) {
# we permit if admin pass is default!
$admin = getUserDetailsByName("Admin");
if ($admin['password'] != '$6$rounds=3000$JQEE6dL9NpvjeFs4$RK5X3oa28.Uzt/h5VAfdrsvlVe.7HgQUYKMXTJUsud8dmWfPzZQPbRbk8xJn1Kyyt4.dWm4nJIYhAV2mbOZ3g.') {
if (defined('BASE')) {
header("Location: " . BASE . create_link(null));
} else {
header("Location: " . create_link(null));
}
die;
}
}
# printout
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<base href="<?php
$echoS = "You should agree to comply with the rules.";
} elseif (!$cgi['cheat']) {
$echoS = "You should promise not to try to gain an unfair advantage by breaking the rules.";
} elseif (!$cgi['account']) {
$echoS = "You should agree to have ONLY one " . $conf["sitename"] . " account.";
} elseif (!$cgi['turing'] || (strtolower($cgi['turing']) != strtolower($_SESSION['number']))) {
$echoS = "You should type the text that you see on the image.";
} else {
//echo "Registering";
$isResistered = 1;
$pas = genRandomPas();
createUser($cgi['username'], $cgi['race'], $cgi['email'], $pas, $cgi['uniqid']);
if ($cgi['uniqid']) {
updateUser($cgi['uniqid'], " uu=uu+10 ");
}
$us = getUserDetailsByName($cgi['username'], " ID ");
addIP($HTTP_SERVER_VARS['REMOTE_ADDR'], $us->ID);
//echo "==".$cgi['email']."==";
$html = "<html><body>Your name is: {$cgi['username']} <br>\n Your activation password is {$pas}</body></html>";
$plain = "Your name is: {$cgi['username']} \n Your activation password is {$pas}";
$email = new clsMAIL($cgi['email'], "World War II :: {$cgi['username']}", $html, $plain);
$email->addheader("To", "\"$cgi[username]\" <$cgi[email]>");
if ($email->send()) {
echo "<br><br><center><font color=red>Your activation password was sent to your e-mail.</font></center><br><br><br><br>";
} else {
echo "There was an error sending the email message";
}
//echo "--$ism--";
}
}
if ($log['severity'] == 0) {
$log['severityText'] = _("Informational");
$color = "success";
} else {
if ($log['severity'] == 1) {
$log['severityText'] = _("Notice");
$color = "warning";
} else {
$log['severityText'] = _("Warning");
$color = "error";
}
}
/**
* get user details
*/
$user = getUserDetailsByName($log['username']);
?>
<!-- header -->
<div class="pHeader"><?php
print _('Log details');
?>
</div>
<!-- content -->
<div class="pContent">
<table class="table table-striped table-condensed">
function createUser($userName, $race, $email, $password, $commander, $active = 0, $uniqueLink = "", $dalevel = 0, $salevel = 0, $gold = 50000, $lastturntime = 0, $attackturns = 30, $up = 0, $calevel = 0, $sasoldiers = 0, $samercs = 0, $dasoldiers = 0, $damercs = 0, $uu = 200, $spies = 0) {
if (!$lastturntime) {
$lastturntime = time();
}
$uniqueLink = genUniqueLink();
if (!valchar($userName)) {
return;
}
$str = "INSERT INTO `UserDetails` (userName,race,email,password,commander,active,uniqueLink,dalevel,salevel,
gold,lastturntime,attackturns,up,calevel,
sasoldiers,samercs,dasoldiers,damercs,uu,spies) VALUES ('$userName','$race','$email','" . md5($password) . "','$commander','$active','$uniqueLink','$dalevel','$salevel',
'$gold','$lastturntime','$attackturns','$up','$calevel',
'$sasoldiers','$samercs','$dasoldiers','$damercs','$uu','$spies')";
//echo "<center>Your temporary password is: $password</center><br>";
$q = mysql_query($str);
if (!$q) {
print ('Query failed: ' . mysql_error());
return $password;
}
$us = getUserDetailsByName($userName);
$userID = $us->ID;
$str = "INSERT INTO `Ranks` (userID) VALUES ('$userID') ";
$q = mysql_query($str);
return $password;
}
if ($log['severity'] == 0) {
$log['severityText'] = _("Informational");
$color = "success";
} else {
if ($log['severity'] == 1) {
$log['severityText'] = _("Notice");
$color = "warning";
} else {
$log['severityText'] = _("Warning");
$color = "error";
}
}
/**
* get user details
*/
$user = getUserDetailsByName($log['username'], false);
?>
<!-- header -->
<div class="pHeader"><?php
print _('Log details');
?>
</div>
<!-- content -->
<div class="pContent">
<table class="table table-striped table-condensed">
