// Excerpt of a JSON configuration endpoint; the listing is cut off inside the
// per-world loop, so the trailing blocks are left open exactly as in the original.

// Buffer and then discard anything the included files print, so stray output
// cannot corrupt the JSON response or prevent the header() call below.
ob_start();
require_once 'MySQL_funcs.php';
include 'MySQL_config.php';
include 'MySQL_access.php';
ob_end_clean();

session_start();

// Resolve the caller's identity from the session; '-guest-' is the anonymous marker.
if (isset($_SESSION['userid'])) {
    $userid = $_SESSION['userid'];
} else {
    $userid = '-guest-';
}

// strcmp() returns non-zero when the strings differ, so any userid other than
// '-guest-' counts as logged in.
$loggedin = false;
if (strcmp($userid, '-guest-')) {
    $loggedin = true;
}

$content = getStandaloneFile('dynmap_config.json');

header('Content-type: application/json; charset=utf-8');

// $loginenabled is not assigned in this excerpt; presumably one of the included
// files sets it. TODO confirm.
if (!$loginenabled) {
    // Login support disabled: the stored configuration is returned unfiltered.
    echo $content;
} else {
    // NOTE(review): $json is read here, but the json_decode() that assigns it only
    // runs in the else branch below. Unless an included file already defines $json,
    // this condition cannot be true and "loginrequired" is never enforced by this
    // script. Decoding $content before this test would close the gap. Confirm
    // against the included files before relying on this check.
    if ($json->loginrequired && !$loggedin) {
        echo "{ \"error\": \"login-required\" }";
    } else {
        // NOTE(review): json_decode() returns null for invalid JSON; the property
        // accesses below are not guarded against that.
        $json = json_decode($content);
        // Bracketed, lower-cased user id. Its use is outside this excerpt;
        // presumably it is matched against per-world access lists. TODO confirm.
        $uid = '[' . strtolower($userid) . ']';
        $json->loggedin = $loggedin;
        $wcnt = count($json->worlds);
        // Collects the worlds to be returned (populated outside this excerpt).
        $newworlds = array();
        for ($i = 0; $i < $wcnt; $i++) {
            $w = $json->worlds[$i];
            if ($w->protected) {
// Excerpt of a login handler; it starts inside a conditional whose header is not
// visible and ends inside the registration-pruning loop.

// Compute SHA-256 over salt followed by password.
// NOTE(review): a single pass of a fast hash is weak protection for stored
// passwords if the hash table leaks. password_hash()/password_verify() is the
// usual replacement, but it changes the stored format, so whatever writes $pwdhash
// would need to change too. $pwdsalt looks like one shared value rather than a
// per-user salt. Confirm where it is defined.
$ctx = hash_init('sha256');
hash_update($ctx, $pwdsalt);
hash_update($ctx, $password);
$hash = hash_final($ctx);
$useridlc = strtolower($userid);
// NOTE(review): strcasecmp() is not a constant-time comparison. Prefer
// hash_equals() on lower-cased hex strings. $pwdhash[$useridlc] is also read
// without checking that the user exists.
if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) {
    // NOTE(review): no session_regenerate_id() call is visible around this
    // assignment. If it is not done elsewhere, regenerate the session id on
    // successful login to prevent session fixation.
    $_SESSION['userid'] = $userid;
    $good = true;
} else {
    // Wrong password: fall back to the guest identity; $good is not set here.
    $_SESSION['userid'] = '-guest-';
}
} else {
    // Alternative branch of the unseen outer condition: the session is set to
    // guest and the request is treated as successful.
    $_SESSION['userid'] = '-guest-';
    $good = true;
}

$content = getStandaloneFile('dynmap_reg.php');

/* Prune pending registrations, if needed */
// NOTE(review): inside single quotes '\\n' is a backslash followed by "n", not a
// newline. If the stored file is newline-separated, this yields a single element
// and the loop below never runs. Confirm this is not an extraction artifact.
$lines = explode('\\n', $content);
// NOTE(review): this appends an empty array as the first element of $newlines;
// "$newlines = array();" was probably intended.
$newlines[] = array();
// explode() always returns at least one element, so this test is always true.
if (!empty($lines)) {
    $cnt = count($lines) - 1;
    $changed = false;
    // Skips the first and the last line (presumably a PHP header and footer
    // wrapping the stored data. TODO confirm).
    for ($i = 1; $i < $cnt; $i++) {
        // NOTE(review): split() was removed in PHP 7.0; explode('=', ..., 3) is the
        // non-regex equivalent. Each line is expected to be "uid=pc=hsh".
        list($uid, $pc, $hsh) = split('=', rtrim($lines[$i]));
        // Drop any pending registration belonging to the user handled by this request.
        if ($uid == $useridlc) {
            continue;
        }
        // Keep entries still listed in $pendingreg (defined outside this excerpt);
        // anything else is dropped and the file is marked as changed.
        if (array_key_exists($uid, $pendingreg)) {
            $newlines[] = $uid . '=' . $pc . '=' . $hsh;
        } else {
            $changed = true;
// Excerpt of a per-world JSON endpoint; it starts inside a block whose header is
// not visible and ends inside the login-enabled branch.

// NOTE(review): where $world comes from is not visible here. It is concatenated
// into stored-file names below, so if it derives from request input it should be
// validated against the list of known worlds before use.
$fname = 'updates_' . $world . '.json';
}

// Per-world access control: $worldaccess[$world] is searched, case-insensitively,
// for the bracketed user id. Worlds with no entry in $worldaccess are not
// restricted by this check.
$useridlc = strtolower($userid);
$uid = '[' . $useridlc . ']';
if (isset($worldaccess[$world])) {
    $ss = stristr($worldaccess[$world], $uid);
    if ($ss === false) {
        echo "{ \"error\": \"access-denied\" }";
        return;
    }
}

// NOTE(review): serverid is taken from the request unchanged and echoed in the
// error body below. Cast it to int, or escape it with htmlspecialchars(), before
// output.
$serverid = 0;
if (isset($_REQUEST['serverid'])) {
    $serverid = $_REQUEST['serverid'];
}

$content = getStandaloneFile('dynmap_' . $world . '.json');
// isset() is false only when getStandaloneFile() returned null.
if (!isset($content)) {
    header('HTTP/1.0 503 Database Unavailable');
    echo "<h1>503 Database Unavailable</h1>";
    // NOTE(review): this writes $fname (built from $world) and the request-supplied
    // $serverid into an HTML-looking body without escaping. The Content-type in
    // effect is not visible in this excerpt.
    echo 'Error reading database - ' . $fname . ' #' . $serverid;
    cleanupDb();
    exit;
}

if (!$loginenabled) {
    // Login support disabled: the stored world data is returned unfiltered.
    echo $content;
} else {
    // NOTE(review): $json is only assigned by the json_decode() in the else branch
    // below. With the isset() guard this condition is silently false unless $json
    // was defined earlier, outside this excerpt, so "loginrequired" may never be
    // enforced here. Confirm.
    if (isset($json->loginrequired) && $json->loginrequired && !$loggedin) {
        echo "{ \"error\": \"login-required\" }";
    } else {
        // NOTE(review): json_decode() returns null for invalid JSON; the assignment
        // that follows is not guarded against that.
        $json = json_decode($content);
        $json->loggedin = $loggedin;
// Excerpt of a web-chat submission handler; the listing ends inside the final
// "if ($gotold)" block.

// Only POST requests are handled, and only when $lastchat lies in the past.
// $lastchat is defined outside this excerpt; presumably a per-session rate limit.
// TODO confirm.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time()) {
    // Millisecond timestamp for the new message.
    $micro = microtime(true);
    $timestamp = round($micro * 1000.0);
    // NOTE(review): the request body is decoded into an object and stored with
    // whatever properties the client sent. json_decode() returns null for invalid
    // JSON; the assignment below then raises a warning on PHP 7 and throws an Error
    // on PHP 8. Build a fresh object containing only the expected, length-limited
    // fields instead.
    $data = json_decode(trim(file_get_contents('php://input')));
    $data->timestamp = $timestamp;
    $data->ip = $_SERVER['REMOTE_ADDR'];
    if (isset($_SESSION['userid'])) {
        $uid = $_SESSION['userid'];
        // NOTE(review): userid is overwritten only for logged-in sessions. For
        // guests, a "userid" property supplied in the request body is left as sent.
        // Unset it explicitly when the session is not authenticated.
        if (strcmp($uid, '-guest-')) {
            $data->userid = $uid;
        }
    }
    // NOTE(review): X-Forwarded-For is a client-supplied header unless a trusted
    // reverse proxy overwrites it, and it may hold a comma-separated list. Honour
    // it only when REMOTE_ADDR is a known proxy; otherwise the recorded IP can be
    // spoofed, which undermines any ban or audit logic that consumes it.
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    $content = getStandaloneFile('dynmap_webchat.json');
    // $gotold records whether the stored message list could be read; the write
    // below happens only in that case.
    $gotold = false;
    if (isset($content)) {
        $old_messages = json_decode($content, true);
        $gotold = true;
    }
    // Keep stored messages newer than (now - updaterate - 10000 ms).
    // NOTE(review): $new_messages is not initialised anywhere in this excerpt.
    if (!empty($old_messages)) {
        foreach ($old_messages as $message) {
            if ($timestamp - $config['updaterate'] - 10000 < $message['timestamp']) {
                $new_messages[] = $message;
            }
        }
    }
    $new_messages[] = $data;
    if ($gotold) {
        // NOTE(review): this is a read-modify-write of a shared record. No locking
        // is visible in this excerpt, so concurrent posts may overwrite each other.
        // Confirm in updateStandaloneFile().
        updateStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
<?php
// Loads the access-control definitions when login support is enabled.
// The variable names are left untouched: this file runs in the scope of whatever
// includes it, and the evaluated code shares that scope.
require_once 'MySQL_funcs.php';

// $loginenabled is not assigned in this file; presumably it is set by
// MySQL_funcs.php or by the including script. TODO confirm.
if ($loginenabled) {
    $rslt = getStandaloneFile('dynmap_access.php');
    // SECURITY NOTE(review): eval() runs the stored content as PHP with the full
    // privileges of this script. Anyone able to write the 'dynmap_access.php'
    // record (a database account with write access, or an SQL injection elsewhere)
    // gains code execution on the web server. Restrict write access to that record
    // and, where the writer can be changed, store the access lists as data (for
    // example JSON) and parse them instead of evaluating code.
    // The return value of getStandaloneFile() is also not checked before eval().
    eval($rslt);
}