Exemple #1
/**
 * Hand out the shared database handle stored in the global $link.
 *
 * A value of exactly false is treated as "not opened yet" and DBinit() is
 * called first. DBinit() is defined elsewhere; presumably it assigns $link.
 * Confirm that there, because this function returns whatever $link holds
 * afterwards without checking it again.
 *
 * @global DataBaseInterface $link
 * @return DataBaseInterface
 */
function getDB()
{
    global $link;

    // Fast path: anything other than the false marker is returned as-is.
    if ($link !== false) {
        return $link;
    }

    DBinit();

    return $link;
}
Exemple #2
<?php

require '../system.php';
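// joinserver.php: checks that the (login, session id, server id) triple sent
// in the query string matches one row of the users table.
// Every rejection answers with the same "Bad login" body; the reason only
// goes to the log.
$login = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');
$sessionid = Filter::input('sessionId', 'get');
if (empty($sessionid) or empty($serverid) or empty($login)) {
    // Only the names of the missing parameters are logged, never their values.
    vtxtlog("[joinserver.php] join process [GET parameter empty] [ " . (empty($sessionid) ? 'SESSIONID ' : '') . (empty($login) ? 'USER ' : '') . (empty($serverid) ? 'SERVERID ' : '') . "]");
    exit('Bad login');
}
loadTool('user.class.php');
DBinit('joinserver');
// A session id of the form "token:<id>:2" is unwrapped to the bare <id>.
// isset() guards the third element, so a value with fewer than three parts no
// longer reads an undefined offset. The strict comparison stops numeric
// look-alikes such as "2.0" from being treated as "2".
$sessionidv16 = explode(':', $sessionid);
if (isset($sessionidv16[2]) && $sessionidv16[0] === 'token' && $sessionidv16[2] === '2') {
    $sessionid = $sessionidv16[1];
}
// \z anchors at the very end of the subject. A plain "$" also matches just
// before a trailing newline, which would let "value\n" through the allow-list.
if (!preg_match('/^[a-zA-Z0-9_-]+\z/', $login) or !preg_match('/^[0-9]+\z/', $sessionid) or !preg_match('/^[a-z0-9_-]+\z/', $serverid)) {
    // These values have just failed validation, so they are untrusted text.
    // Control bytes (CR/LF included) are escaped so that a request cannot
    // break the entry into several forged log lines.
    vtxtlog("[joinserver.php] error while login process [input login " . addcslashes($login, "\0..\37\177") . " sessionid " . addcslashes($sessionid, "\0..\37\177") . " serverid " . addcslashes($serverid, "\0..\37\177") . "]");
    exit('Bad login');
}
// The stored name has to equal the supplied login byte for byte.
// NOTE(review): presumably this rejects case variants of a login. Confirm in User.
$tmp_user = new User($login, $bd_users['login']);
if ($tmp_user->id() === false or $tmp_user->name() !== $login) {
    vtxtlog("[joinserver.php] Bad login register");
    exit('Bad login');
}
// Table and column names come from the $bd_names / $bd_users configuration
// arrays. All request data is bound through named placeholders.
$sql = "SELECT COUNT(*) FROM `{$bd_names['users']}` " . "WHERE `{$bd_users['session']}`=:session " . "AND `{$bd_users['login']}`=:login " . "AND `{$bd_users['server']}`=:server";
$result = getDB()->fetchRow($sql, array('session' => $sessionid, 'login' => $tmp_user->name(), 'server' => $serverid), 'num');
// Exactly one matching row means this triple is already recorded: answer OK.
if ((int) $result[0] == 1) {
    vtxtlog('[joinserver.php] join Server [Result] Relogin OK');
    exit('OK');
}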
Exemple #3
}
/**
 * Record a message through vtxtlog() and terminate the request.
 *
 * The log text and the client-facing output are separate arguments, so the
 * caller can log a detailed reason while the client only sees $output.
 *
 * @param mixed $text   Value handed to vtxtlog().
 * @param mixed $output Value handed to the terminating call; "Bad login" by default.
 */
function logExit($text, $output = "Bad login")
{
    vtxtlog($text);
    die($output);
}
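// invalidate16x.php: clears the stored session of the account that owns the
// supplied accessToken/clientToken pair. Only a JSON POST body is accepted.
// CONTENT_TYPE is absent when the client sends no such header, so it is read
// defensively instead of raising an undefined-index notice.
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && stripos($contentType, "application/json") === 0) {
    // php://input replaces $HTTP_RAW_POST_DATA, which was deprecated in
    // PHP 5.6 and removed in PHP 7. With the old variable the body is never
    // read on current PHP and every request is rejected as "Empty input".
    $json = json_decode(file_get_contents('php://input'));
} else {
    logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}
if (empty($json->accessToken) or empty($json->clientToken)) {
    // Only the names of the missing fields are logged here.
    logExit("[invalidate16x.php] invalidate process [Empty input] [ " . (empty($json->accessToken) ? 'Session ' : '') . (empty($json->clientToken) ? 'clientToken ' : '') . "]");
}
loadTool('user.class.php');
DBinit('auth');
$sessionid = $json->accessToken;
$clientToken = $json->clientToken;
// A JSON field may decode to an array or an object. Those cannot be
// pattern-matched or interpolated into a log line, so they are rejected before
// the string handling below. Scalars are normalised to strings.
if (!is_scalar($sessionid) or !is_scalar($clientToken)) {
    logExit("[invalidate16x.php] login process [Bad symbols] Session or clientToken is not a scalar value");
}
$sessionid = (string) $sessionid;
$clientToken = (string) $clientToken;
// \z anchors at the very end of the subject. A plain "$" also matches just
// before a trailing newline.
if (!preg_match('/^[a-f0-9-]+\z/', $sessionid) or !preg_match('/^[a-f0-9-]+\z/', $clientToken)) {
    // Both values have just failed validation. Control bytes (CR/LF included)
    // are escaped so the request cannot forge extra log lines.
    logExit("[invalidate16x.php] login process [Bad symbols] Session [" . addcslashes($sessionid, "\0..\37\177") . "] clientToken [" . addcslashes($clientToken, "\0..\37\177") . "]");
}
// NOTE(review): the selected column is taken from $bd_names, while every other
// column in this script comes from $bd_users (see the UPDATE below). Confirm
// that $bd_names['email'] really is defined and names the e-mail column.
$sql = "SELECT `{$bd_names['email']}` FROM `{$bd_names['users']}` " . "WHERE `{$bd_users['session']}`=:sessionid AND `{$bd_users['clientToken']}`=:token";
$result = getDB()->fetchRow($sql, array('sessionid' => $sessionid, 'token' => $clientToken), 'num');
if (!$result) {
    logExit("[invalidate16x.php] invalidate process, wrong accessToken/clientToken pair");
}
$login = $result[0];
// $auth_user is not used again in the visible code. The constructor call is
// kept in case it has side effects.
$auth_user = new User($login, $bd_users['email']);
// Blank the stored session for that account. The value is bound, not interpolated.
$sql = "UPDATE `{$bd_names['users']}` SET `{$bd_users['session']}`='' " . "WHERE `{$bd_users['email']}`=:email";
getDB()->ask($sql, array('email' => $login));
// NOTE(review): this entry writes both tokens to the log. The session has just
// been cleared, but the client token has not. Confirm who can read the log.
vtxtlog("[invalidate16x.php] refresh process [Success] User [{$login}] Invalidate Session [{$sessionid}] clientToken[{$clientToken}]");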
Exemple #4
    case 'delete_file':
        loadTool('ajax.php');
        loadTool('user.class.php');
        if ($method == 'upload' or $method == 'delete_file') {
            loadTool('upload.class.php');
        } elseif ($method == 'profile') {
            loadTool('skin.class.php');
        } elseif ($method == 'restore' and $config['p_logic'] != 'usual' and $config['p_logic'] != 'xauth' and $config['p_logic'] != 'authme') {
            aExit(1, 'Change password is not available');
        }
        DBinit('action_' . $method);
        MCRAuth::userLoad();
        break;
    case 'download':
        loadTool('upload.class.php');
        DBinit('action_download');
        break;
    default:
        exit;
        break;
}
switch ($method) {
    case 'upload':
        // TODO Список последних добавленых файлов
        if (empty($user) or $user->lvl() < 15) {
            break;
        }
        $file = new File(false, 'other/');
        $id_rewrite = Filter::input('nf_delete', 'post', 'bool');
        $id_word = Filter::input('nf_id_word', 'post', 'string', true);
        $result = $file->Create('new_file', $user->id(), $id_word, $id_rewrite);
Exemple #5
<?php

require_once '../../system.php';
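// rss.php: renders the ten newest news rows as an RSS 2.0 document.
DBinit('rss.module');
// Channel title and description, read by the templates included below.
// NOTE(review): depending on the web-server configuration SERVER_NAME can
// echo the client's Host header. Confirm the templates XML-escape it, or pin
// the host name in configuration.
$title = 'Сайт ' . $_SERVER['SERVER_NAME'];
$desc = 'Новости сайта ' . $_SERVER['SERVER_NAME'];
$rss_doc = '';
// SCRIPT_NAME is used instead of PHP_SELF. PHP_SELF also carries any path
// info the client appends after "rss.php", and that text would be copied into
// the base URL of every item link.
$site_news = 'http://' . str_replace('instruments/rss20/rss.php', '', $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME']) . 'index.php';
$num_news = getDB()->fetchRow("SELECT COUNT(*) FROM `{$bd_names['news']}`", false, 'num');
// Nothing to publish: end the request before any header or body is sent.
if (!(int) $num_news[0]) {
    exit;
}
define('DATE_FORMAT_RFC822', 'r');
header("content-type: application/rss+xml; charset=utf-8");
// Current timestamp formatted by the database. Presumably rss_header.html
// reads it, but that template is not shown.
$cur_date = getDB()->fetchRow("SELECT DATE_FORMAT(NOW(),'%a, %d %b %Y %T')", false, 'num');
$cur_date = $cur_date[0];
$result = getDB()->ask("SELECT * FROM `{$bd_names['news']}` ORDER by time DESC LIMIT 0,10");
// The templates print into an output buffer so that the XML declaration can
// be placed in front of the finished body.
ob_start();
include './rss_header.html';
while ($line = $result->fetch()) {
    // Per-item variables consumed by rss.html.
    $name = $line['title'];
    $date = date("r", strtotime($line['time']));
    $link = $site_news . '?id=' . $line['id'];
    // Entities are decoded first and tags stripped afterwards, so the result
    // can still contain bare "&" or "<" characters.
    // NOTE(review): confirm rss.html escapes $name, $link and $post (or wraps
    // them in CDATA). The template is not shown here.
    $post = strip_tags(html_entity_decode($line['message']));
    include './rss.html';
}
include './rss_footer.html';
$rss_doc = '<?xml version="1.0" encoding="UTF-8"?>' . ob_get_clean();
echo $rss_doc;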
Exemple #6
<?php

require '../system.php';
// Remote-console endpoint bootstrap: read the request, verify the form token,
// then load the current user and stop unless the level check passes.
$command = Filter::input('command');
$userlist = Filter::input('userlist');
// At least one of the two inputs has to be present.
if (!($command or $userlist)) {
    exit('<script>parent.showResult("command is empty");</script>');
}
// NOTE(review): tokenTool() is defined elsewhere. 'check' presumably validates
// an anti-CSRF token and ends the request on failure. Confirm there.
tokenTool('check');
// JavaScript fragment carrying the token returned by tokenTool('get').
$token = 'parent.token_data = "' . tokenTool('get') . '";';
DBinit('mcraft.rcon');
loadTool('rcon.class.php');
loadTool('user.class.php');
MCRAuth::userLoad();
// $user is not assigned in this script; presumably userLoad() sets it.
// Only a loaded user with level 15 or higher gets past this point.
if (!(!empty($user) and $user->lvl() >= 15)) {
    exit;
}
/* HTML version of GetUserList */
function GetUserListHTML($result)
{
    $str = trim($result);
    $str = str_replace(array("\r\n", "\n", "\r"), '', $str);
    $names = explode(', ', substr($str, 19));
    if (!empty($names)) {
        for ($i = 0; $i < sizeof($names); $i++) {
            trim($names[$i]);
        }
    }
    if ($names[0] == '') {
        unset($names);
    }
Exemple #7
<?php

/* WEB-APP : WebMCR (С) 2013-2014 NC22 | License : GPLv3 */
// Declare the response as UTF-8 HTML before any output is produced.
header('Content-Type: text/html; charset=UTF-8');
// system.php is not shown. The helpers used below (DBinit, loadTool, MCRAuth)
// presumably come from it.
require_once './system.php';
DBinit('index');
loadTool('user.class.php');
// NOTE(review): presumably restores the logged-in user for this request.
// Confirm in MCRAuth.
MCRAuth::userLoad();
/**
 * Pick one line at random from the file that View::Get('sovet.txt') resolves to.
 *
 * @return string A line exactly as file() returns it (line ending included),
 *                or "Советов нет" when the file cannot be read or has no lines.
 */
function GetRandomAdvice()
{
    // @ hides the warning file() raises for a missing or unreadable file.
    // Both false and an empty array fall through to the fallback text.
    $lines = @file(View::Get('sovet.txt'));
    if (!$lines) {
        return "Советов нет";
    }

    return $lines[rand(0, count($lines) - 1)];
}
/**
 * Register the TinyMCE editor on the page, if the bundled script is present.
 *
 * Appends a tinymce.init(...) call to the global $addition_events and a
 * <script> tag for the editor to the global $content_js.
 *
 * @return bool false when tinymce.min.js is missing under MCR_ROOT (both
 *              globals are left untouched), true otherwise.
 */
function LoadTinyMCE()
{
    global $addition_events, $content_js;

    $editorScript = 'instruments/tiny_mce/tinymce.min.js';
    if (!file_exists(MCR_ROOT . $editorScript)) {
        return false;
    }

    // Pieces of the init call, joined without a separator. The text is fixed
    // and contains no request data.
    $initCall = implode('', array(
        'tinymce.init({',
        'selector: "textarea.tinymce",',
        'language : "ru",',
        'plugins: "code preview image link",',
        'toolbar: "undo redo | bold italic | alignleft aligncenter alignright alignjustify | numlist bullist outdent indent | link image | preview",',
        '});',
    ));

    $addition_events .= $initCall;
    $content_js .= '<script type="text/javascript" src="' . $editorScript . '"></script>';

    return true;
}
function InitJS()
{
    global $addition_events;
Exemple #8
<?php

// Skin viewer: answers with a PNG chosen by user id, by user name, or by the
// "female" default flag.
header("Content-type: image/png");
require './system.php';
// Either "mini" (int) or "m" (bool) asks for the small rendering.
$showMini = (bool) (Filter::input('mini', 'get', 'int') or Filter::input('m', 'get', 'bool'));
$showByName = Filter::input('user_name', 'get', 'string', true);
$isFemale = Filter::input('female', 'get', 'int', true);
$userId = Filter::input('user_id', 'get', 'int');
// Without an explicit user_id, the "mini" parameter doubles as the user id.
if (!$userId and $showMini) {
    $userId = Filter::input('mini', 'get', 'int');
}
// Nothing is drawn unless at least one selector was supplied.
if ($showByName or $userId or $isFemale !== false) {
    if ($userId) {
        // A user id takes precedence: the name is taken from the database and
        // replaces whatever came in through user_name.
        DBinit('skin_viewer');
        loadTool('user.class.php');
        $tmp_user = new User($userId);
        if (!$tmp_user->id()) {
            exit;
        }
        $showByName = $tmp_user->name();
        if (!file_exists($tmp_user->getSkinFName())) {
            if (!$config['default_skin']) {
                // No default skin configured: draw by the female flag only.
                $showByName = false;
                $isFemale = 1;
            } else {
                $tmp_user->setDefaultSkin();
            }
        }
    }
    // NOTE(review): when no user id is given, $showByName is the raw user_name
    // parameter. ShowSkin() is defined elsewhere. Confirm it restricts the name
    // to a safe file-name character set before using it in a path.
    ShowSkin($showMini, $showByName, $isFemale, $config['sbuffer']);
}
Exemple #9
<?php

require './system.php';
// Login/logout endpoint bootstrap. "out" (GET, bool) asks for a logout and
// "login" carries the account identifier for a sign-in.
$login = Filter::input('login');
$out = Filter::input('out', 'get', 'bool');
// Neither action was requested: end silently before loading anything.
if (!($out or $login)) {
    exit;
}
loadTool('ajax.php');
loadTool('user.class.php');
DBinit('login');
if ($out) {
    header("Location: " . BASE_URL);
    MCRAuth::userLoad();
    if (!empty($user)) {
        $user->logout();
    }
} elseif ($login) {
    $pass = Filter::input('pass');
    $tmp_user = new User($login, strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email']);
    $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
    if (!$tmp_user->id()) {
        aExit(4, lng('AUTH_NOT_EXIST'));
    }
    if ($tmp_user->auth_fail_num() >= 5) {
        CaptchaCheck(6);
    }
    if (!$tmp_user->authenticate($pass)) {
        $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
        aExit(1, lng('AUTH_FAIL') . '.<br /> <a href="#" style="color: #656565;" onclick="RestoreStart(); return false;">' . lng('AUTH_RESTORE') . ' ?</a>');
    }
Exemple #10
<?php

require '../system.php';
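// checkserver.php: answers YES when the users table has a row for this login
// with this server id, and NO in every other case.
$user = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');
if (empty($user) or empty($serverid)) {
    // Only the names of the missing parameters are logged, never their values.
    vtxtlog("[checkserver.php] checkserver process [GET parameter empty] [ " . (empty($user) ? 'LOGIN ' : '') . (empty($serverid) ? 'SERVERID ' : '') . "]");
    exit('NO');
}
loadTool('user.class.php');
DBinit('checkserver');
// \z anchors at the very end of the subject. A plain "$" also matches just
// before a trailing newline, which would let "value\n" through the allow-list
// and into the log line at the bottom of this script.
if (!preg_match('/^[a-zA-Z0-9_-]+\z/', $user) or !preg_match('/^[a-z0-9_-]+\z/', $serverid)) {
    // These values have just failed validation, so they are untrusted text.
    // Control bytes (CR/LF included) are escaped so that a request cannot
    // break the entry into several forged log lines.
    vtxtlog("[checkserver.php] error checkserver process [info login " . addcslashes($user, "\0..\37\177") . " serverid " . addcslashes($serverid, "\0..\37\177") . "]");
    exit('NO');
}
// The table and column names come from configuration. Both request values are
// bound through named placeholders.
$sql = "SELECT  COUNT(*) FROM {$bd_names['users']} " . "WHERE `{$bd_users['login']}`=:user AND `{$bd_users['server']}`=:serverid";
$result = getDB()->fetchRow($sql, array('user' => $user, 'serverid' => $serverid), 'num');
if ((int) $result[0]) {
    // gameLoginConfirm() is defined in User (not shown); presumably it records
    // the confirmed game login. Confirm there.
    $user_login = new User($user, $bd_users['login']);
    $user_login->gameLoginConfirm();
    vtxtlog("[checkserver.php] Server Test [Success]");
    exit('YES');
}
// Both values passed the allow-list above, so they are safe to interpolate.
vtxtlog("[checkserver.php] [User not found] User [{$user}] Server ID [{$serverid}]");
exit('NO');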
Exemple #11
        $input['method'] = 1;
    }
    if ($input['verificate'] and $input['id']) {
        $input['method'] = 2;
    }
    return $input;
}
// Registration entry point: classify the POST data, then refuse to continue
// when the site delegates authentication to another CMS.
$input = CheckPostComplect();
// A falsy 'method' means the POST data matched no known request shape.
if (!$input['method']) {
    exit;
}
loadTool('ajax.php');
// Built-in registration is offered only for these three password-logic modes.
// in_array() is left non-strict on purpose: it compares with ==, the same as
// a chain of != tests.
$nativeLogics = array('usual', 'xauth', 'authme');
if (!in_array($config['p_logic'], $nativeLogics)) {
    aExit(1, 'Registration is blocked. Used auth script from main CMS');
}
DBinit('register');
loadTool('user.class.php');
// Result codes collected during validation; tryExit() reads this global.
$rcodes = array();
function tryExit()
{
    global $rcodes;
    $message = '';
    $rnum = sizeof($rcodes);
    if (!$rnum) {
        return;
    }
    for ($i = 0; $i < $rnum; $i++) {
        $modifed = true;
        switch ($rcodes[$i]) {
            case 2:
                $message .= lng('INCORRECT') . '. (' . lng('LOGIN') . ')';
Exemple #12
<?php

// Launcher news page: renders one page of the news listing plus the game
// server state, then hands both to the launcher index template.
header('Content-Type: text/html;charset=UTF-8');
require '../system.php';
loadTool('user.class.php');
loadTool('monitoring.class.php');
loadTool('catalog.class.php');
DBinit('news');
$news = '';
$page_title = 'Новостная лента';
$news_manager = new NewsManager($config['game_news'], 'launcher/news/', $config['s_root'] . 'index.php?');
// Page number from the "l" query parameter; zero or a negative value falls
// back to the first page.
$curlist = Filter::input('l', 'get', 'int');
$curlist = ($curlist <= 0) ? 1 : $curlist;
$news = $news_manager->ShowNewsListing($curlist);
// The server manager is only needed to produce the HTML, so it is released
// before the template runs.
$servManager = new ServerManager('launcher/serverstate/');
$server_state_html = $servManager->Show('game');
unset($servManager);
// The template presumably reads the variables set above ($news, $page_title,
// $server_state_html). It is not shown here.
include View::Get('index.html', 'launcher/');
Exemple #13
<?php

require '../system.php';
// Monitoring endpoint: refreshes and prints the state of one server, selected
// by the POSTed "id".
loadTool('ajax.php');
loadTool('monitoring.class.php');
$id = Filter::input('id', 'post', 'int', true);
// A missing or zero id ends the request before the database is touched.
if (!$id) {
    exit;
}
DBinit('monitoring');
$server = new Server($id, 'serverstate/');
// NOTE(review): no authentication or throttling is visible in this script.
// UpdateState() is defined elsewhere and presumably queries the game server.
// Confirm it limits how often an unauthenticated POST can trigger that.
$server->UpdateState();
$server->ShowInfo();