/**
*
* @global DataBaseInterface $link
* @return DataBaseInterface
*/
function getDB()
{
global $link;
if ($link === false) {
DBinit();
}
return $link;
}
<?php
require '../system.php';
$login = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');
$sessionid = Filter::input('sessionId', 'get');
if (empty($sessionid) or empty($serverid) or empty($login)) {
vtxtlog("[joinserver.php] join process [GET parameter empty] [ " . (empty($sessionid) ? 'SESSIONID ' : '') . (empty($login) ? 'USER ' : '') . (empty($serverid) ? 'SERVERID ' : '') . "]");
exit('Bad login');
}
loadTool('user.class.php');
DBinit('joinserver');
$sessionidv16 = explode(":", $sessionid);
if ($sessionidv16[0] == "token" && $sessionidv16[2] == "2") {
$sessionid = $sessionidv16[1];
}
if (!preg_match("/^[a-zA-Z0-9_-]+\$/", $login) or !preg_match("/^[0-9]+\$/", $sessionid) or !preg_match("/^[a-z0-9_-]+\$/", $serverid)) {
vtxtlog("[joinserver.php] error while login process [input login " . $login . " sessionid " . $sessionid . " serverid " . $serverid . "]");
exit('Bad login');
}
$tmp_user = new User($login, $bd_users['login']);
if ($tmp_user->id() === false or $tmp_user->name() !== $login) {
vtxtlog("[joinserver.php] Bad login register");
exit('Bad login');
}
$sql = "SELECT COUNT(*) FROM `{$bd_names['users']}` " . "WHERE `{$bd_users['session']}`=:session " . "AND `{$bd_users['login']}`=:login " . "AND `{$bd_users['server']}`=:server";
$result = getDB()->fetchRow($sql, array('session' => $sessionid, 'login' => $tmp_user->name(), 'server' => $serverid), 'num');
if ((int) $result[0] == 1) {
vtxtlog('[joinserver.php] join Server [Result] Relogin OK');
exit('OK');
}
}
function logExit($text, $output = "Bad login")
{
vtxtlog($text);
exit($output);
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && stripos($_SERVER["CONTENT_TYPE"], "application/json") === 0) {
$json = json_decode($HTTP_RAW_POST_DATA);
} else {
logExit("Bad request method. POST/json required", "Bad request method. POST/json required");
}
if (empty($json->accessToken) or empty($json->clientToken)) {
logExit("[invalidate16x.php] invalidate process [Empty input] [ " . (empty($json->accessToken) ? 'Session ' : '') . (empty($json->clientToken) ? 'clientToken ' : '') . "]");
}
loadTool('user.class.php');
DBinit('auth');
$sessionid = $json->accessToken;
$clientToken = $json->clientToken;
if (!preg_match("/^[a-f0-9-]+\$/", $sessionid) or !preg_match("/^[a-f0-9-]+\$/", $clientToken)) {
logExit("[invalidate16x.php] login process [Bad symbols] Session [{$sessionid}] clientToken [{$clientToken}]");
}
$sql = "SELECT `{$bd_names['email']}` FROM `{$bd_names['users']}` " . "WHERE `{$bd_users['session']}`=:sessionid AND `{$bd_users['clientToken']}`=:token";
$result = getDB()->fetchRow($sql, array('sessionid' => $sessionid, 'token' => $clientToken), 'num');
if (!$result) {
logExit("[invalidate16x.php] invalidate process, wrong accessToken/clientToken pair");
}
$login = $result[0];
$auth_user = new User($login, $bd_users['email']);
$sql = "UPDATE `{$bd_names['users']}` SET `{$bd_users['session']}`='' " . "WHERE `{$bd_users['email']}`=:email";
getDB()->ask($sql, array('email' => $login));
vtxtlog("[invalidate16x.php] refresh process [Success] User [{$login}] Invalidate Session [{$sessionid}] clientToken[{$clientToken}]");
case 'delete_file':
loadTool('ajax.php');
loadTool('user.class.php');
if ($method == 'upload' or $method == 'delete_file') {
loadTool('upload.class.php');
} elseif ($method == 'profile') {
loadTool('skin.class.php');
} elseif ($method == 'restore' and $config['p_logic'] != 'usual' and $config['p_logic'] != 'xauth' and $config['p_logic'] != 'authme') {
aExit(1, 'Change password is not available');
}
DBinit('action_' . $method);
MCRAuth::userLoad();
break;
case 'download':
loadTool('upload.class.php');
DBinit('action_download');
break;
default:
exit;
break;
}
switch ($method) {
case 'upload':
// TODO Список последних добавленых файлов
if (empty($user) or $user->lvl() < 15) {
break;
}
$file = new File(false, 'other/');
$id_rewrite = Filter::input('nf_delete', 'post', 'bool');
$id_word = Filter::input('nf_id_word', 'post', 'string', true);
$result = $file->Create('new_file', $user->id(), $id_word, $id_rewrite);
<?php
require_once '../../system.php';
DBinit('rss.module');
$title = 'Сайт ' . $_SERVER['SERVER_NAME'];
$desc = 'Новости сайта ' . $_SERVER['SERVER_NAME'];
$rss_doc = '';
$site_news = 'http://' . str_replace('instruments/rss20/rss.php', '', $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']) . 'index.php';
$num_news = getDB()->fetchRow("SELECT COUNT(*) FROM `{$bd_names['news']}`", false, 'num');
if (!(int) $num_news[0]) {
exit;
}
define('DATE_FORMAT_RFC822', 'r');
header("content-type: application/rss+xml; charset=utf-8");
$cur_date = getDB()->fetchRow("SELECT DATE_FORMAT(NOW(),'%a, %d %b %Y %T')", false, 'num');
$cur_date = $cur_date[0];
$result = getDB()->ask("SELECT * FROM `{$bd_names['news']}` ORDER by time DESC LIMIT 0,10");
ob_start();
include './rss_header.html';
while ($line = $result->fetch()) {
$name = $line['title'];
$date = date("r", strtotime($line['time']));
$link = $site_news . '?id=' . $line['id'];
$post = strip_tags(html_entity_decode($line['message']));
include './rss.html';
}
include './rss_footer.html';
$rss_doc = '<?xml version="1.0" encoding="UTF-8"?>' . ob_get_clean();
echo $rss_doc;
<?php
require '../system.php';
$command = Filter::input('command');
$userlist = Filter::input('userlist');
if (!$command and !$userlist) {
exit('<script>parent.showResult("command is empty");</script>');
}
tokenTool('check');
$token = 'parent.token_data = "' . tokenTool('get') . '";';
DBinit('mcraft.rcon');
loadTool('rcon.class.php');
loadTool('user.class.php');
MCRAuth::userLoad();
if (empty($user) or $user->lvl() < 15) {
exit;
}
/* HTML version of GetUserList */
function GetUserListHTML($result)
{
$str = trim($result);
$str = str_replace(array("\r\n", "\n", "\r"), '', $str);
$names = explode(', ', substr($str, 19));
if (!empty($names)) {
for ($i = 0; $i < sizeof($names); $i++) {
trim($names[$i]);
}
}
if ($names[0] == '') {
unset($names);
}
<?php
/* WEB-APP : WebMCR (С) 2013-2014 NC22 | License : GPLv3 */
header('Content-Type: text/html; charset=UTF-8');
require_once './system.php';
DBinit('index');
loadTool('user.class.php');
MCRAuth::userLoad();
function GetRandomAdvice()
{
return ($quotes = @file(View::Get('sovet.txt'))) ? $quotes[rand(0, sizeof($quotes) - 1)] : "Советов нет";
}
function LoadTinyMCE()
{
global $addition_events, $content_js;
if (!file_exists(MCR_ROOT . 'instruments/tiny_mce/tinymce.min.js')) {
return false;
}
$tmce = 'tinymce.init({';
$tmce .= 'selector: "textarea.tinymce",';
$tmce .= 'language : "ru",';
$tmce .= 'plugins: "code preview image link",';
$tmce .= 'toolbar: "undo redo | bold italic | alignleft aligncenter alignright alignjustify | numlist bullist outdent indent | link image | preview",';
$tmce .= '});';
$addition_events .= $tmce;
$content_js .= '<script type="text/javascript" src="instruments/tiny_mce/tinymce.min.js"></script>';
return true;
}
function InitJS()
{
global $addition_events;
<?php
header("Content-type: image/png");
require './system.php';
$showMini = (Filter::input('mini', 'get', 'int') or Filter::input('m', 'get', 'bool')) ? true : false;
$showByName = Filter::input('user_name', 'get', 'string', true);
$isFemale = Filter::input('female', 'get', 'int', true);
$userId = Filter::input('user_id', 'get', 'int');
if ($showMini and !$userId) {
$userId = Filter::input('mini', 'get', 'int');
}
if ($showByName or $userId or $isFemale !== false) {
if ($userId) {
DBinit('skin_viewer');
loadTool('user.class.php');
$tmp_user = new User($userId);
if (!$tmp_user->id()) {
exit;
}
$showByName = $tmp_user->name();
if (!file_exists($tmp_user->getSkinFName())) {
if ($config['default_skin']) {
$tmp_user->setDefaultSkin();
} else {
$showByName = false;
$isFemale = 1;
}
}
}
ShowSkin($showMini, $showByName, $isFemale, $config['sbuffer']);
}
<?php
require './system.php';
$login = Filter::input('login');
$out = Filter::input('out', 'get', 'bool');
if (!$out and !$login) {
exit;
}
loadTool('ajax.php');
loadTool('user.class.php');
DBinit('login');
if ($out) {
header("Location: " . BASE_URL);
MCRAuth::userLoad();
if (!empty($user)) {
$user->logout();
}
} elseif ($login) {
$pass = Filter::input('pass');
$tmp_user = new User($login, strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email']);
$ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
if (!$tmp_user->id()) {
aExit(4, lng('AUTH_NOT_EXIST'));
}
if ($tmp_user->auth_fail_num() >= 5) {
CaptchaCheck(6);
}
if (!$tmp_user->authenticate($pass)) {
$ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
aExit(1, lng('AUTH_FAIL') . '.<br /> <a href="#" style="color: #656565;" onclick="RestoreStart(); return false;">' . lng('AUTH_RESTORE') . ' ?</a>');
}
<?php
require '../system.php';
$user = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');
if (empty($user) or empty($serverid)) {
vtxtlog("[checkserver.php] checkserver process [GET parameter empty] [ " . (empty($user) ? 'LOGIN ' : '') . (empty($serverid) ? 'SERVERID ' : '') . "]");
exit('NO');
}
loadTool('user.class.php');
DBinit('checkserver');
if (!preg_match("/^[a-zA-Z0-9_-]+\$/", $user) or !preg_match("/^[a-z0-9_-]+\$/", $serverid)) {
vtxtlog("[checkserver.php] error checkserver process [info login " . $user . " serverid " . $serverid . "]");
exit('NO');
}
$sql = "SELECT COUNT(*) FROM {$bd_names['users']} " . "WHERE `{$bd_users['login']}`=:user AND `{$bd_users['server']}`=:serverid";
$result = getDB()->fetchRow($sql, array('user' => $user, 'serverid' => $serverid), 'num');
if ((int) $result[0]) {
$user_login = new User($user, $bd_users['login']);
$user_login->gameLoginConfirm();
vtxtlog("[checkserver.php] Server Test [Success]");
exit('YES');
}
vtxtlog("[checkserver.php] [User not found] User [{$user}] Server ID [{$serverid}]");
exit('NO');
$input['method'] = 1;
}
if ($input['verificate'] and $input['id']) {
$input['method'] = 2;
}
return $input;
}
$input = CheckPostComplect();
if (!$input['method']) {
exit;
}
loadTool('ajax.php');
if ($config['p_logic'] != 'usual' and $config['p_logic'] != 'xauth' and $config['p_logic'] != 'authme') {
aExit(1, 'Registration is blocked. Used auth script from main CMS');
}
DBinit('register');
loadTool('user.class.php');
$rcodes = array();
function tryExit()
{
global $rcodes;
$message = '';
$rnum = sizeof($rcodes);
if (!$rnum) {
return;
}
for ($i = 0; $i < $rnum; $i++) {
$modifed = true;
switch ($rcodes[$i]) {
case 2:
$message .= lng('INCORRECT') . '. (' . lng('LOGIN') . ')';
<?php
header('Content-Type: text/html;charset=UTF-8');
require '../system.php';
loadTool('user.class.php');
loadTool('monitoring.class.php');
loadTool('catalog.class.php');
DBinit('news');
$news = '';
$page_title = 'Новостная лента';
$news_manager = new NewsManager($config['game_news'], 'launcher/news/', $config['s_root'] . 'index.php?');
$curlist = Filter::input('l', 'get', 'int');
if ($curlist <= 0) {
$curlist = 1;
}
$news = $news_manager->ShowNewsListing($curlist);
$servManager = new ServerManager('launcher/serverstate/');
$server_state_html = $servManager->Show('game');
unset($servManager);
include View::Get('index.html', 'launcher/');
<?php
require '../system.php';
loadTool('ajax.php');
loadTool('monitoring.class.php');
$id = Filter::input('id', 'post', 'int', true) or exit;
DBinit('monitoring');
$server = new Server($id, 'serverstate/');
$server->UpdateState();
$server->ShowInfo();