/**
 * Return the shared database handle, initialising it on first use.
 *
 * DBinit() is called only while the global $link holds the literal value
 * false; any other value is returned unchanged.
 *
 * @global DataBaseInterface $link
 * @return DataBaseInterface
 */
function getDB()
{
    global $link;

    if ($link !== false) {
        return $link;
    }

    // DBinit() is defined elsewhere; presumably it assigns the global $link - confirm.
    DBinit();

    return $link;
}
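<?php
/*
 * joinserver.php: answers 'OK' when the (session, login, server) triple sent
 * by the game client matches exactly one row of the users table, and
 * 'Bad login' for missing or malformed input or an unknown user.
 */
require '../system.php';

$login = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');
$sessionid = Filter::input('sessionId', 'get');

if (empty($sessionid) or empty($serverid) or empty($login)) {
    // Only the names of the missing parameters are logged, never their values.
    vtxtlog("[joinserver.php] join process [GET parameter empty] [ " . (empty($sessionid) ? 'SESSIONID ' : '') . (empty($login) ? 'USER ' : '') . (empty($serverid) ? 'SERVERID ' : '') . "]");
    exit('Bad login');
}

loadTool('user.class.php');
DBinit('joinserver');

// Accept the "token:<session>:2" form as well as a bare session id.
// isset() guards the third element so a value with fewer than three parts no
// longer reads an undefined offset; the comparisons are strict so that
// look-alikes such as "2.0" are not treated as "2".
$sessionidv16 = explode(":", $sessionid);
if (isset($sessionidv16[2]) && $sessionidv16[0] === "token" && $sessionidv16[2] === "2") {
    $sessionid = $sessionidv16[1];
}

// The D modifier makes "$" match only at the very end of the subject. Without
// it a value ending in a newline passes the whitelist and later reaches the
// log and the query.
if (!preg_match('/^[a-zA-Z0-9_-]+$/D', $login) or !preg_match('/^[0-9]+$/D', $sessionid) or !preg_match('/^[a-z0-9_-]+$/D', $serverid)) {
    // These values failed validation, so they are untrusted free text: replace
    // control characters so that a CR/LF cannot forge additional log lines
    // (harmless if vtxtlog() already does this).
    // NOTE(review): the session id is written to the log here even when only
    // another field was malformed - consider masking it.
    list($logLogin, $logSession, $logServer) = preg_replace('/[\x00-\x1F\x7F]/', '?', array($login, $sessionid, $serverid));
    vtxtlog("[joinserver.php] error while login process [input login " . $logLogin . " sessionid " . $logSession . " serverid " . $logServer . "]");
    exit('Bad login');
}

$tmp_user = new User($login, $bd_users['login']);

// The stored name must be byte-identical to the submitted one.
if ($tmp_user->id() === false or $tmp_user->name() !== $login) {
    vtxtlog("[joinserver.php] Bad login register");
    exit('Bad login');
}

// Values are bound as parameters; only table and column names, which come from
// the $bd_names / $bd_users maps, are interpolated into the statement.
$sql = "SELECT COUNT(*) FROM `{$bd_names['users']}` "
    . "WHERE `{$bd_users['session']}`=:session "
    . "AND `{$bd_users['login']}`=:login "
    . "AND `{$bd_users['server']}`=:server";

$result = getDB()->fetchRow($sql, array('session' => $sessionid, 'login' => $tmp_user->name(), 'server' => $serverid), 'num');

if ((int) $result[0] == 1) {
    vtxtlog('[joinserver.php] join Server [Result] Relogin OK');
    exit('OK');
}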
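}

/**
 * Write a message to the text log and end the request.
 *
 * @param string $text   Line passed to vtxtlog().
 * @param string $output Body sent to the client by exit(); defaults to "Bad login".
 */
function logExit($text, $output = "Bad login")
{
    vtxtlog($text);
    exit($output);
}

// CONTENT_TYPE is not set when the client sends no Content-Type header.
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';

if ($_SERVER['REQUEST_METHOD'] == 'POST' && stripos($contentType, "application/json") === 0) {
    // php://input replaces $HTTP_RAW_POST_DATA, which was deprecated in
    // PHP 5.6 and removed in PHP 7.0 (the body would silently decode to null).
    $json = json_decode(file_get_contents('php://input'));
} else {
    logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}

if (empty($json->accessToken) or empty($json->clientToken)) {
    logExit("[invalidate16x.php] invalidate process [Empty input] [ " . (empty($json->accessToken) ? 'Session ' : '') . (empty($json->clientToken) ? 'clientToken ' : '') . "]");
}

loadTool('user.class.php');
DBinit('auth');

$sessionid = $json->accessToken;
$clientToken = $json->clientToken;

// JSON lets the client send arrays, objects or numbers in these fields;
// reject them before they reach preg_match() or string interpolation.
if (!is_string($sessionid) or !is_string($clientToken)) {
    logExit("[invalidate16x.php] login process [Bad symbols] non-string accessToken/clientToken");
}

// D modifier: "$" must match at the very end, so a trailing newline is rejected.
if (!preg_match('/^[a-f0-9-]+$/D', $sessionid) or !preg_match('/^[a-f0-9-]+$/D', $clientToken)) {
    // Values that failed validation are untrusted free text: replace control
    // characters so that a CR/LF cannot forge additional log lines.
    list($logSession, $logClient) = preg_replace('/[\x00-\x1F\x7F]/', '?', array($sessionid, $clientToken));
    logExit("[invalidate16x.php] login process [Bad symbols] Session [{$logSession}] clientToken [{$logClient}]");
}

// NOTE(review): the selected column is looked up in $bd_names, while every
// other column in this script comes from $bd_users (see the UPDATE below) -
// confirm that $bd_names['email'] is intended.
$sql = "SELECT `{$bd_names['email']}` FROM `{$bd_names['users']}` "
    . "WHERE `{$bd_users['session']}`=:sessionid AND `{$bd_users['clientToken']}`=:token";

$result = getDB()->fetchRow($sql, array('sessionid' => $sessionid, 'token' => $clientToken), 'num');

if (!$result) {
    logExit("[invalidate16x.php] invalidate process, wrong accessToken/clientToken pair");
}

$login = $result[0];
$auth_user = new User($login, $bd_users['email']);

// Blank the stored session for the account that owns the token pair.
$sql = "UPDATE `{$bd_names['users']}` SET `{$bd_users['session']}`='' "
    . "WHERE `{$bd_users['email']}`=:email";

getDB()->ask($sql, array('email' => $login));

// NOTE(review): the client token is written to the log in clear text; the
// UPDATE above clears only the session column, so consider masking the token.
vtxtlog("[invalidate16x.php] refresh process [Success] User [{$login}] Invalidate Session [{$sessionid}] clientToken[{$clientToken}]");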
// Fragment: the switch statement these cases belong to, and any earlier case
// labels that fall through to 'delete_file', start outside this excerpt.
case 'delete_file':
    loadTool('ajax.php');
    loadTool('user.class.php');

    // Load only the helper class the requested method needs.
    if ($method == 'upload' or $method == 'delete_file') {
        loadTool('upload.class.php');
    } elseif ($method == 'profile') {
        loadTool('skin.class.php');
    } elseif ($method == 'restore' and $config['p_logic'] != 'usual' and $config['p_logic'] != 'xauth' and $config['p_logic'] != 'authme') {
        // Password restore is refused unless p_logic is one of the three listed modes.
        aExit(1, 'Change password is not available');
    }

    DBinit('action_' . $method);
    // Presumably populates the global $user tested below - confirm in MCRAuth.
    MCRAuth::userLoad();
    break;
case 'download':
    // No userLoad() on this path: downloads are set up without loading a user here.
    loadTool('upload.class.php');
    DBinit('action_download');
    break;
default:
    // Any method not listed above ends the request with no output.
    exit;
    break;
}

// Second switch: performs the action itself (continues past this excerpt).
switch ($method) {
    case 'upload':
        // TODO List of recently added files
        // Authorisation gate: with no loaded user, or a level below 15, the
        // case is left before any upload code runs.
        if (empty($user) or $user->lvl() < 15) {
            break;
        }

        $file = new File(false, 'other/');
        $id_rewrite = Filter::input('nf_delete', 'post', 'bool');
        $id_word = Filter::input('nf_id_word', 'post', 'string', true);
        // NOTE(review): $id_word is client-supplied; what File::Create() does
        // with it is not visible here - confirm it is validated there.
        $result = $file->Create('new_file', $user->id(), $id_word, $id_rewrite);
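<?php
/* RSS 2.0 feed built from the ten most recent rows of the news table. */
require_once '../../system.php';

DBinit('rss.module');

// NOTE(review): depending on web-server configuration SERVER_NAME can reflect
// the request's Host header; if the included templates print $title, $desc or
// $link, confirm they escape them for XML.
$title = 'Сайт ' . $_SERVER['SERVER_NAME'];
$desc = 'Новости сайта ' . $_SERVER['SERVER_NAME'];
$rss_doc = '';

// SCRIPT_NAME instead of PHP_SELF: PHP_SELF also carries any trailing path
// info supplied by the client, which would be copied into every item link.
$site_news = 'http://' . str_replace('instruments/rss20/rss.php', '', $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME']) . 'index.php';

$num_news = getDB()->fetchRow("SELECT COUNT(*) FROM `{$bd_names['news']}`", false, 'num');

// Nothing to publish: end the request before any header is sent.
if (!(int) $num_news[0]) {
    exit;
}

define('DATE_FORMAT_RFC822', 'r');

header("content-type: application/rss+xml; charset=utf-8");

$cur_date = getDB()->fetchRow("SELECT DATE_FORMAT(NOW(),'%a, %d %b %Y %T')", false, 'num');
$cur_date = $cur_date[0];

$result = getDB()->ask("SELECT * FROM `{$bd_names['news']}` ORDER by time DESC LIMIT 0,10");

// The templates are rendered into an output buffer so that the XML
// declaration can be placed in front of the finished document.
ob_start();

include './rss_header.html';

while ($line = $result->fetch()) {
    $name = $line['title'];
    $date = date("r", strtotime($line['time']));
    $link = $site_news . '?id=' . $line['id'];
    // Entities are decoded before tags are stripped, so the result can still
    // contain bare "&" or "<" characters.
    // NOTE(review): confirm rss.html escapes $name and $post for XML.
    $post = strip_tags(html_entity_decode($line['message']));

    include './rss.html';
}

include './rss_footer.html';

$rss_doc = '<?xml version="1.0" encoding="UTF-8"?>' . ob_get_clean();

echo $rss_doc;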
<?php
/* Remote-console endpoint: takes a 'command' or 'userlist' request parameter. */
require '../system.php';

$command = Filter::input('command');
$userlist = Filter::input('userlist');

// With neither parameter present, report the error to the parent frame and stop.
if (!$command and !$userlist) {
    exit('<script>parent.showResult("command is empty");</script>');
}

// Presumably validates the anti-forgery token of the request - confirm in tokenTool().
tokenTool('check');
// JavaScript snippet that hands a token from tokenTool('get') to the parent frame.
$token = 'parent.token_data = "' . tokenTool('get') . '";';

DBinit('mcraft.rcon');

loadTool('rcon.class.php');
loadTool('user.class.php');

MCRAuth::userLoad();

// Authorisation gate: with no loaded user, or a level below 15, the request
// ends here with no output.
if (empty($user) or $user->lvl() < 15) {
    exit;
}

/* HTML version of GetUserList */
// The function body continues past the end of this excerpt.
function GetUserListHTML($result)
{
    $str = trim($result);
    $str = str_replace(array("\r\n", "\n", "\r"), '', $str);

    // Skips the first 19 characters - presumably a fixed response prefix; confirm.
    $names = explode(', ', substr($str, 19));

    if (!empty($names)) {
        for ($i = 0; $i < sizeof($names); $i++) {
            // NOTE(review): the return value of trim() is discarded, so the
            // entries of $names are left unchanged.
            trim($names[$i]);
        }
    }

    if ($names[0] == '') {
        unset($names);
    }
<?php
/* WEB-APP : WebMCR (С) 2013-2014 NC22 | License : GPLv3 */

header('Content-Type: text/html; charset=UTF-8');

require_once './system.php';

DBinit('index');

loadTool('user.class.php');
MCRAuth::userLoad();

/**
 * Return one randomly chosen line of the 'sovet.txt' view file, or a fixed
 * fallback string when file() yields nothing.
 */
function GetRandomAdvice()
{
    // "@" hides the warning file() raises when the path cannot be read; the
    // falsy result then selects the fallback string.
    return ($quotes = @file(View::Get('sovet.txt'))) ? $quotes[rand(0, sizeof($quotes) - 1)] : "Советов нет";
}

/**
 * Queue the TinyMCE initialisation script and its <script> tag.
 *
 * Appends to the globals $addition_events and $content_js.
 *
 * @return bool false when tinymce.min.js is not present under MCR_ROOT, true otherwise.
 */
function LoadTinyMCE()
{
    global $addition_events, $content_js;

    if (!file_exists(MCR_ROOT . 'instruments/tiny_mce/tinymce.min.js')) {
        return false;
    }

    // The configuration is built only from literals; no request data enters it.
    $tmce = 'tinymce.init({';
    $tmce .= 'selector: "textarea.tinymce",';
    $tmce .= 'language : "ru",';
    $tmce .= 'plugins: "code preview image link",';
    $tmce .= 'toolbar: "undo redo | bold italic | alignleft aligncenter alignright alignjustify | numlist bullist outdent indent | link image | preview",';
    $tmce .= '});';

    $addition_events .= $tmce;
    $content_js .= '<script type="text/javascript" src="instruments/tiny_mce/tinymce.min.js"></script>';

    return true;
}

// The body of InitJS() continues past the end of this excerpt.
function InitJS()
{
    global $addition_events;
<?php
/*
 * Skin viewer: renders a skin as PNG, selected by user id, by user name or by
 * the 'female' flag.
 */
header("Content-type: image/png");

require './system.php';

// Either the numeric 'mini' parameter or the boolean 'm' switches to the small rendering.
$showMini = (Filter::input('mini', 'get', 'int') || Filter::input('m', 'get', 'bool'));
// NOTE(review): user_name comes straight from the query string and is handed
// to ShowSkin(); confirm that Filter or ShowSkin() restricts it before it is
// used to locate a file.
$showByName = Filter::input('user_name', 'get', 'string', true);
$isFemale = Filter::input('female', 'get', 'int', true);
$userId = Filter::input('user_id', 'get', 'int');

// In mini mode the 'mini' parameter doubles as the user id when user_id is absent.
if ($showMini && !$userId) {
    $userId = Filter::input('mini', 'get', 'int');
}

if ($showByName || $userId || $isFemale !== false) {
    if ($userId) {
        DBinit('skin_viewer');
        loadTool('user.class.php');

        $tmp_user = new User($userId);

        // Unknown id: stop without sending an image body.
        if (!$tmp_user->id()) {
            exit;
        }

        // The stored name overrides whatever user_name was supplied.
        $showByName = $tmp_user->name();

        if (!file_exists($tmp_user->getSkinFName())) {
            if (!$config['default_skin']) {
                // No personal skin and no per-user default: use the name-less
                // rendering with the female flag set.
                $showByName = false;
                $isFemale = 1;
            } else {
                $tmp_user->setDefaultSkin();
            }
        }
    }

    ShowSkin($showMini, $showByName, $isFemale, $config['sbuffer']);
}
<?php
/* Login / logout endpoint. The login branch continues past the end of this excerpt. */
require './system.php';

$login = Filter::input('login');
$out = Filter::input('out', 'get', 'bool');

// Neither a logout flag nor a login name: nothing to do.
if (!$out and !$login) {
    exit;
}

loadTool('ajax.php');
loadTool('user.class.php');

DBinit('login');

if ($out) {
    // NOTE(review): logout is triggered by a GET flag and no token check is
    // visible on this path - confirm whether cross-site requests can log a
    // user out.
    header("Location: " . BASE_URL);

    MCRAuth::userLoad();

    if (!empty($user)) {
        $user->logout();
    }
} elseif ($login) {
    $pass = Filter::input('pass');

    // An "@" in the identifier selects lookup by e-mail column, otherwise by login column.
    $tmp_user = new User($login, strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email']);

    $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();

    // NOTE(review): an unknown account gets code 4 / AUTH_NOT_EXIST while a
    // wrong password gets code 1 / AUTH_FAIL, so responses reveal whether an
    // account exists.
    if (!$tmp_user->id()) {
        aExit(4, lng('AUTH_NOT_EXIST'));
    }

    // From the fifth recorded failure on, CaptchaCheck() runs before the password is tested.
    if ($tmp_user->auth_fail_num() >= 5) {
        CaptchaCheck(6);
    }

    if (!$tmp_user->authenticate($pass)) {
        // Re-read the counter after the failed attempt so the client sees the current value.
        $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
        aExit(1, lng('AUTH_FAIL') . '.<br /> <a href="#" style="color: #656565;" onclick="RestoreStart(); return false;">' . lng('AUTH_RESTORE') . ' ?</a>');
    }
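<?php
/*
 * checkserver.php: answers 'YES' when a user row exists with the given login
 * and server id (and confirms the game login for that user), 'NO' otherwise.
 */
require '../system.php';

$user = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');

if (empty($user) or empty($serverid)) {
    // Only the names of the missing parameters are logged, never their values.
    vtxtlog("[checkserver.php] checkserver process [GET parameter empty] [ " . (empty($user) ? 'LOGIN ' : '') . (empty($serverid) ? 'SERVERID ' : '') . "]");
    exit('NO');
}

loadTool('user.class.php');
DBinit('checkserver');

// The D modifier makes "$" match only at the very end of the subject. Without
// it a value ending in a newline passes the whitelist and later reaches the
// log and the query.
if (!preg_match('/^[a-zA-Z0-9_-]+$/D', $user) or !preg_match('/^[a-z0-9_-]+$/D', $serverid)) {
    // These values failed validation, so they are untrusted free text: replace
    // control characters so that a CR/LF cannot forge additional log lines
    // (harmless if vtxtlog() already does this).
    list($logUser, $logServer) = preg_replace('/[\x00-\x1F\x7F]/', '?', array($user, $serverid));
    vtxtlog("[checkserver.php] error checkserver process [info login " . $logUser . " serverid " . $logServer . "]");
    exit('NO');
}

// Values are bound as parameters; only table and column names, which come from
// the $bd_names / $bd_users maps, are interpolated into the statement.
$sql = "SELECT COUNT(*) FROM {$bd_names['users']} "
    . "WHERE `{$bd_users['login']}`=:user AND `{$bd_users['server']}`=:serverid";

$result = getDB()->fetchRow($sql, array('user' => $user, 'serverid' => $serverid), 'num');

if ((int) $result[0]) {
    $user_login = new User($user, $bd_users['login']);
    $user_login->gameLoginConfirm();

    vtxtlog("[checkserver.php] Server Test [Success]");
    exit('YES');
}

// Both values passed the whitelist above, so they are safe to log as-is.
vtxtlog("[checkserver.php] [User not found] User [{$user}] Server ID [{$serverid}]");
exit('NO');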
// Fragment: presumably the tail of CheckPostComplect(), whose signature and
// opening lines are outside this excerpt.
$input['method'] = 1;
}

// Method 2 is selected when both the 'verificate' and 'id' inputs are truthy.
if ($input['verificate'] and $input['id']) {
    $input['method'] = 2;
}

return $input;
}

$input = CheckPostComplect();

// No method was selected from the request: stop with no output.
if (!$input['method']) {
    exit;
}

loadTool('ajax.php');

// Registration is refused unless p_logic is one of the three listed modes.
if ($config['p_logic'] != 'usual' and $config['p_logic'] != 'xauth' and $config['p_logic'] != 'authme') {
    aExit(1, 'Registration is blocked. Used auth script from main CMS');
}

DBinit('register');
loadTool('user.class.php');

// Result codes collected during validation; read by tryExit() through `global`.
$rcodes = array();

// Builds one message from the collected codes. The body continues past the
// end of this excerpt.
function tryExit()
{
    global $rcodes;

    $message = '';
    $rnum = sizeof($rcodes);

    // No codes collected: return to the caller without building a message.
    if (!$rnum) {
        return;
    }

    for ($i = 0; $i < $rnum; $i++) {
        $modifed = true;

        switch ($rcodes[$i]) {
            case 2:
                $message .= lng('INCORRECT') . '. (' . lng('LOGIN') . ')';
<?php
/* Launcher news page: one page of the news listing plus the game server state block. */
header('Content-Type: text/html;charset=UTF-8');

require '../system.php';

loadTool('user.class.php');
loadTool('monitoring.class.php');
loadTool('catalog.class.php');

DBinit('news');

// These variables are left in scope for the template included at the end.
$news = '';
$page_title = 'Новостная лента';

$news_manager = new NewsManager($config['game_news'], 'launcher/news/', $config['s_root'] . 'index.php?');

// Page number from ?l=...; anything that is not above zero falls back to page 1.
$curlist = Filter::input('l', 'get', 'int');
$curlist = ($curlist <= 0) ? 1 : $curlist;

$news = $news_manager->ShowNewsListing($curlist);

$servManager = new ServerManager('launcher/serverstate/');
$server_state_html = $servManager->Show('game');
unset($servManager);

include View::Get('index.html', 'launcher/');
<?php
/* Refreshes and prints the state of one monitored server, chosen by POSTed id. */
require '../system.php';

loadTool('ajax.php');
loadTool('monitoring.class.php');

$id = Filter::input('id', 'post', 'int', true);

// A missing or falsy id ends the request before the database is initialised.
if (!$id) {
    exit;
}

DBinit('monitoring');

// NOTE(review): no authentication or token check is visible on this path, so
// any client can trigger UpdateState() - confirm that Server rate-limits it.
$server = new Server($id, 'serverstate/');
$server->UpdateState();
$server->ShowInfo();