function CheckPostComplect()
{
$input = array('login' => Filter::input('login'), 'pass' => Filter::input('pass'), 'repass' => Filter::input('repass'), 'email' => Filter::input('email', 'post', 'mail'), 'female' => Filter::input('female', 'post', 'bool'), 'verificate' => Filter::input('verificate', 'get'), 'id' => Filter::input('id', 'post', 'int'), 'method' => false);
if (!$input['id']) {
$input['id'] = Filter::input('id', 'get', 'int');
}
if ($input['login'] and $input['pass'] and $input['repass']) {
$input['method'] = 1;
}
if ($input['verificate'] and $input['id']) {
$input['method'] = 2;
}
return $input;
}
function aExit($code, $mess = 'error')
{
global $ajax_message;
$iframe = Filter::input('json_iframe', 'post', 'bool');
$ajax_message['code'] = $code;
$ajax_message['message'] = $mess == 'error' ? $mess . ' code: ' . $code : $mess;
if (defined('JSON_HEX_QUOT')) {
$result = json_encode($ajax_message, JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_TAG);
} else {
$result = json_encode($ajax_message);
}
if ($iframe) {
$result = escapeJsonString($result);
$result = '<html><head><title>jnone</title><script type="text/javascript"> var json_response = "' . $result . '"</script></head><body></body></html>';
}
exit($result);
}
public static function LoadSession()
{
global $user, $bd_users;
$user = false;
$check_ip = GetRealIp();
$check = true;
$session = Filter::input('session_id', 'get');
if (!class_exists('User', false)) {
exit('include user class first');
}
if (!session_id() and !empty($session) and preg_match('/^[a-zA-Z0-9]{26,40}$/', $session)) {
session_id($session);
}
if (!isset($_SESSION)) {
session_start();
}
if (isset($_SESSION['user_name'])) {
$user = new User($_SESSION['user_name'], $bd_users['login']);
}
if (isset($_COOKIE['PRTCookie1']) and empty($user)) {
$user = new User($_COOKIE['PRTCookie1'], $bd_users['tmp']);
if ($user->id()) {
$_SESSION['user_name'] = $user->name();
$_SESSION['ip'] = $check_ip;
}
}
if (!empty($user)) {
if (!$user->id() or $user->lvl() <= 0 or $check and $check_ip != $user->ip()) {
if ($user->id()) {
$user->logout();
}
setcookie("PRTCookie1", "", time(), '/');
$user = false;
}
}
}
<?php
session_start();
date_default_timezone_set('PRC');
define('APP_PATH', str_replace('\\', '/', __DIR__ . '/'));
include_once './init/init.php';
try {
Filter::input();
$m = !empty($_REQUEST['m']) ? trim($_REQUEST['m']) : 'index';
$m = ucfirst(strtolower($m));
$a = !empty($_REQUEST['a']) ? trim($_REQUEST['a']) : 'index';
if (empty($m)) {
throw new Exception('module is empty');
}
if (!class_exists($m)) {
throw new Exception("class {$m} is not exists");
}
if (empty($a)) {
throw new Exception('action is empty');
}
$module = new $m();
$action = 'action' . ucfirst($a);
if (!method_exists($module, $action)) {
throw new Exception("action {$a} is not exists");
}
$module->{$action}();
} catch (Exception $e) {
Util::response(array('code' => 400, 'msg' => $e->getMessage()));
}
}
if ($mail) {
$rcodes[] = $mod_user->changeEmail($mail);
}
$ajax_message['token_data'] = tokenTool('get');
}
$newlogin = Filter::input('new_login');
$newpass = Filter::input('new_password');
$delete_skin = Filter::input('new_delete_skin', 'post', 'bool');
$delete_cloak = Filter::input('new_delete_cloak', 'post', 'bool');
if ($newlogin) {
$rcodes[] = $mod_user->changeName($newlogin);
}
if ($newpass) {
$oldpass = Filter::input('old_password');
$newrepass = Filter::input('new_repassword');
if ($user->lvl() >= 15 and $user_id) {
$rcodes[] = $mod_user->changePassword($newpass);
} else {
$rcodes[] = $mod_user->changePassword($newpass, $newrepass, $oldpass);
}
}
if (empty($_FILES['new_skin']['tmp_name']) and $delete_skin and !$mod_user->defaultSkinTrigger() and $user->getPermission('change_skin')) {
$rcodes[] = $mod_user->setDefaultSkin();
}
if (empty($_FILES['new_cloak']['tmp_name']) and $delete_cloak and $user->getPermission('change_cloak')) {
$mod_user->deleteCloak();
$rcodes[] = 1;
}
if (!empty($_FILES['new_skin']['tmp_name'])) {
$rcodes[] = (int) $mod_user->changeVisual('new_skin', 'skin');
function tokenTool($mode = 'set')
{
global $content_js;
if (!isset($_SESSION)) {
session_start();
}
if ($mode == 'check') {
if (empty($_SESSION['token_data']) or $_SESSION['token_data'] !== Filter::input('token_data')) {
if (isset($_SESSION['token_data'])) {
unset($_SESSION['token_data']);
}
exit(lng('TOKEN_FAIL'));
return false;
}
unset($_SESSION['token_data']);
return true;
} elseif ($mode == 'set') {
$_SESSION['token_data'] = randString(32);
$content_js .= '<script type="text/javascript">var token_data = "' . $_SESSION['token_data'] . '";</script>';
return true;
} elseif ($mode == 'setinput') {
$_SESSION['token_data'] = randString(32);
return '<input type="hidden" name="token_data" id="token_data" value="' . $_SESSION['token_data'] . '" />';
} else {
$_SESSION['token_data'] = randString(32);
return $_SESSION['token_data'];
}
}
if (empty($game_server)) {
$game_server = sqlConfigGet('rcon-serv');
}
if ($game_server == 0) {
exit('<script>' . $token . 'parent.showResult("rcon unconfigured");</script>');
}
$rcon_port = Filter::input('port', 'post', 'int');
if (empty($rcon_port)) {
$rcon_port = (int) sqlConfigGet('rcon-port');
}
$rcon_pass = Filter::input('pass');
if (empty($rcon_pass)) {
$rcon_pass = sqlConfigGet('rcon-pass');
}
/* Sync or drop config */
if (Filter::input('save', 'post', 'bool')) {
sqlConfigSet('rcon-serv', $game_server);
sqlConfigSet('rcon-pass', $rcon_pass);
sqlConfigSet('rcon-port', $rcon_port);
} else {
sqlConfigSet('rcon-serv', 0);
}
try {
$rcon = new MinecraftRcon();
$rcon->Connect($game_server, $rcon_port, $rcon_pass);
if ($userlist) {
$page = GetUserListHTML($rcon->Command('list'));
exit("<script>'.{$token}.'parent.GetById('users_online').innerHTML = '" . $page[0] . "'; " . $page[1] . "</script>");
}
$command = str_replace(array("\r\n", "\n", "\r"), '', $command);
$command = preg_replace('| +|', ' ', $command);
$user_img_get = $ban_user->getSkinLink() . '&refresh=' . rand(1000, 9999);
if ($cloak_exist or !$skin_def) {
include View::Get('profile_skin.html', $st_subdir . 'profile/');
}
if (!$skin_def) {
include View::Get('profile_del_skin.html', $st_subdir . 'profile/');
}
if ($cloak_exist) {
include View::Get('profile_del_cloak.html', $st_subdir . 'profile/');
}
if ($bd_names['iconomy']) {
include View::Get('profile_money.html', $st_subdir . 'profile/');
}
include View::Get('profile_footer.html', $st_subdir . 'profile/');
case 'delete_banip':
$ip = Filter::input('ip', 'get');
if (!empty($ip) and preg_match("/[0-9.]+\$/", $ip)) {
getDB()->ask("DELETE FROM {$bd_names['ip_banning']} WHERE IP=:ip", array('ip' => $ip));
$info .= lng('IP_UNBANNED') . ' ( ' . $ip . ') ';
}
break;
}
$html .= ob_get_clean();
}
if ($do == 'sign') {
$data = file_get_contents(View::Get('edit.png', 'img/'));
if (!$data) {
exit;
}
$data = explode("IEND�B`", $data);
if (sizeof($data) != 2) {
public function ShowNewsEditor()
{
global $bd_names;
$editorTitle = 'Добавить новость';
$editorButton = 'Добавить';
$editInfo = array('vote' => !Filter::input('hide_vote', 'post', 'bool'), 'discus' => !Filter::input('hide_discus', 'post', 'bool'));
$editCategory = Filter::input('cid', 'post', 'int', true);
$editMode = Filter::input('editMode', 'post', 'int');
$editTitle = Filter::input('title', 'post', 'string', true);
$editMessage = Filter::input('message', 'post', 'html', true);
$editMessage_Full = Filter::input('message_full', 'post', 'html', true);
$error = '';
if ($editCategory !== false and $editTitle !== false and $editMessage !== false) {
ob_start();
$state = 'error';
if (!$editCategory or !$editMessage or !$editTitle) {
$text_str = 'Заполните необходимые поля.';
} else {
if ($editMode > 0) {
$news_item = new News_Item($editMode, $this->st_subdir);
if ($news_item->Edit($editCategory, $editTitle, $editMessage, $editMessage_Full, $editInfo['vote'], $editInfo['discus'])) {
$state = 'success';
$text_str = 'Новость обновлена';
} else {
$text_str = 'Недостаточно прав';
}
$editMode = 0;
} else {
$news_item = new News_Item();
$news_item->Create($editCategory, $editTitle, $editMessage, $editMessage_Full, $editInfo['vote'], $editInfo['discus']);
$state = 'success';
$text_str = 'Новость добавлена';
}
}
include $this->GetView('news_admin_mess.html');
$error = ob_get_clean();
} elseif (Filter::input('delete', 'get', 'int')) {
$news_item = new News_Item(Filter::input('delete', 'get', 'int'));
$news_item->Delete();
header("Location: " . $this->work_link . "ok");
} elseif (Filter::input('edit', 'get', 'int')) {
$editorTitle = 'Обновить новость';
$editorButton = 'Изменить';
$news_item = new News_Item(Filter::input('edit', 'get', 'int'));
if (!$news_item->Exist()) {
return '';
}
$editInfo = $news_item->getInfo();
$editMode = $editInfo['id'];
$editCategory = $editInfo['category_id'];
$editTitle = TextBase::HTMLDestruct($editInfo['title']);
$editMessage = TextBase::HTMLDestruct($editInfo['text']);
$editMessage_Full = TextBase::HTMLDestruct($editInfo['text_full']);
}
ob_start();
$cat_list = CategoryManager::GetList($editCategory);
include $this->GetView('news_add.html');
return ob_get_clean();
}
exit;
}
loadTool('ajax.php');
loadTool('user.class.php');
DBinit('login');
if ($out) {
header("Location: " . BASE_URL);
MCRAuth::userLoad();
if (!empty($user)) {
$user->logout();
}
} elseif ($login) {
$pass = Filter::input('pass');
$tmp_user = new User($login, strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email']);
$ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
if (!$tmp_user->id()) {
aExit(4, lng('AUTH_NOT_EXIST'));
}
if ($tmp_user->auth_fail_num() >= 5) {
CaptchaCheck(6);
}
if (!$tmp_user->authenticate($pass)) {
$ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
aExit(1, lng('AUTH_FAIL') . '.<br /> <a href="#" style="color: #656565;" onclick="RestoreStart(); return false;">' . lng('AUTH_RESTORE') . ' ?</a>');
}
if ($tmp_user->lvl() <= 0) {
aExit(4, lng('USER_BANNED'));
}
$tmp_user->login(randString(15), GetRealIp(), Filter::input('save', 'post', 'bool'));
aExit(0, 'success');
}
<?php
require '../system.php';
$user = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');
if (empty($user) or empty($serverid)) {
vtxtlog("[checkserver.php] checkserver process [GET parameter empty] [ " . (empty($user) ? 'LOGIN ' : '') . (empty($serverid) ? 'SERVERID ' : '') . "]");
exit('NO');
}
loadTool('user.class.php');
DBinit('checkserver');
if (!preg_match("/^[a-zA-Z0-9_-]+\$/", $user) or !preg_match("/^[a-z0-9_-]+\$/", $serverid)) {
vtxtlog("[checkserver.php] error checkserver process [info login " . $user . " serverid " . $serverid . "]");
exit('NO');
}
$sql = "SELECT COUNT(*) FROM {$bd_names['users']} " . "WHERE `{$bd_users['login']}`=:user AND `{$bd_users['server']}`=:serverid";
$result = getDB()->fetchRow($sql, array('user' => $user, 'serverid' => $serverid), 'num');
if ((int) $result[0]) {
$user_login = new User($user, $bd_users['login']);
$user_login->gameLoginConfirm();
vtxtlog("[checkserver.php] Server Test [Success]");
exit('YES');
}
vtxtlog("[checkserver.php] [User not found] User [{$user}] Server ID [{$serverid}]");
exit('NO');
$female = Filter::input('female', 'post', 'string', true);
$email = Filter::input('email', 'post', 'mail', true);
if ($female !== false and $user->gender() > 1) {
$user->changeGender(!(int) $female ? 0 : 1);
}
if ($email) {
$send_result = $user->changeEmail($email, true);
if ($send_result == 1) {
$html_info = lng('REG_CONFIRM_INFO');
} elseif ($send_result == 1902) {
$html_info = lng('AUTH_EXIST_EMAIL');
} else {
$html_info = lng('MAIL_FAIL');
}
}
} elseif (Filter::input('antibot')) {
$html_info = lng('CAPTCHA_FAIL');
}
if ($user->group() == 4 or !$user->email() or $user->gender() > 1) {
ob_start();
include View::Get('cp_form.html', $prefix);
if ($user->group() == 4 or !$user->email()) {
include View::Get('profile_email.html', $prefix);
}
if ($user->gender() > 1) {
include View::Get('profile_gender.html', $prefix);
}
include View::Get('cp_form_footer.html', $prefix);
$content_main .= ob_get_clean();
}
}
require '../system.php';
function generateSessionId()
{
srand(time());
$randNum = rand(1000000000, 2147483647) . rand(1000000000, 2147483647) . rand(0, 9);
return $randNum;
}
function logExit($text, $output = "Bad login")
{
vtxtlog($text);
exit($output);
}
$login = Filter::input('user');
$password = Filter::input('password');
$ver = Filter::input('version');
if (empty($password) or empty($ver) or empty($login)) {
logExit("[auth.php] login process [Empty input] [ " . (empty($login) ? 'LOGIN ' : '') . (empty($password) ? 'PASSWORD ' : '') . (empty($ver) ? 'VER ' : '') . "]");
}
loadTool('user.class.php');
DBinit('auth');
if (!preg_match("/^[a-zA-Z0-9_-]+\$/", $login) or !preg_match("/^[a-zA-Z0-9_-]+\$/", $password) or !preg_match("/^[0-9]+\$/", $ver)) {
logExit("[auth.php] login process [Bad symbols] User [{$login}] Password [{$password}] Ver [{$ver}]");
}
if ((int) sqlConfigGet('launcher-version') != (int) $ver) {
logExit("[auth.php] login process [Old version] ver " . $ver, "Old version");
}
$auth_user = new User($login, $bd_users['login']);
if (!$auth_user->id()) {
logExit("[auth.php] login process [Unknown user] User [{$login}] Password [{$password}]");
}
<?php
require '../system.php';
loadTool('ajax.php');
loadTool('monitoring.class.php');
$id = Filter::input('id', 'post', 'int', true) or exit;
DBinit('monitoring');
$server = new Server($id, 'serverstate/');
$server->UpdateState();
$server->ShowInfo();
public function ShowAdminForm()
{
global $bd_names, $config;
$info = $this->answer;
$configUpd = false;
if (isset($_POST['sp_group_edit'])) {
$group = new Group(Filter::input('group', 'post', 'int'));
$permissions = $group->GetAllPermissions();
foreach (self::$permissions as $key => $value) {
if ($value == 'bool') {
$permissions[$key] = Filter::input($key, 'post', 'int') ? 1 : 0;
} elseif (isset($_POST[$key])) {
$permissions[$key] = Filter::input($key, 'post', 'int');
} else {
continue;
}
}
$group->Edit($group->GetName(), $permissions);
} elseif (isset($_POST['sp_config_set'])) {
// @todo move rebuild action some where else
$rebuild_items = Filter::input('rebuild_items', 'post', 'bool');
if ($rebuild_items) {
$this->RebuildAll();
}
$config['sp_online'] = !Filter::input('sp_offline', 'post', 'bool');
$config['sp_upload'] = Filter::input('sp_upload', 'post', 'bool');
$config['sp_download'] = Filter::input('sp_download', 'post', 'bool');
$config['sp_comments'] = Filter::input('sp_comments', 'post', 'bool');
$configUpd = true;
} elseif (isset($_POST['sp_tables_set'])) {
$bd_skins = Filter::input('bd_skins', 'post');
$bd_bad_skins = Filter::input('bd_bad_skins', 'post');
$bd_skins_ratio = Filter::input('bd_skins_ratio', 'post');
if ($bd_skins) {
if (!getDB()->isColumnExist($bd_skins, 'fname')) {
$this->answer .= 'Таблица не найдена ( ' . $bd_skins . ' ) <br />';
} else {
$bd_names['sp_skins'] = $bd_skins;
}
}
if ($bd_bad_skins) {
if (!getDB()->isColumnExist($bd_bad_skins, 'hash')) {
$this->answer .= 'Таблица не найдена ( ' . $bd_bad_skins . ' ) <br />';
} else {
$bd_names['sp_bad_skins'] = $bd_bad_skins;
}
}
if ($bd_skins_ratio) {
if (!getDB()->isColumnExist($bd_skins_ratio, 'num')) {
$this->answer .= 'Таблица не найдена ( ' . $bd_skins_ratio . ' ) <br />';
} else {
$bd_names['sp_skins_ratio'] = $bd_skins_ratio;
}
}
if ($bd_skins or $bd_bad_skins or $bd_skins_ratio) {
$configUpd = true;
}
} elseif (isset($_POST['sp_upload_set'])) {
$find_items = Filter::input('find_items', 'post', 'bool');
$tag = Filter::input('rebuild_type', 'post', 'int');
if ($find_items) {
$this->FindNewSkins($tag);
}
}
if ($configUpd) {
loadTool('alist.class.php');
if (!MainConfig::SaveOptions()) {
$this->answer .= 'Ошибка применения настроек <br />';
} else {
$this->answer .= 'Настройки изменены <br />';
}
}
$info = $this->answer;
$result = getDB()->ask("SELECT `id`, `name` FROM `{$bd_names['groups']}` ORDER BY `name` DESC LIMIT 0,90");
ob_start();
while ($line = $result->fetch()) {
$group_i = new Group($line['id']);
$group = $group_i->GetAllPermissions();
$group['name'] = $line['name'];
$group['id'] = $line['id'];
include $this->GetView('admin/group.html');
}
$groups = ob_get_clean();
ob_start();
include $this->GetView('admin/constants.html');
return ob_get_clean();
}
$player_email = $user->email();
if (empty($player_email)) {
$player_email = lng('NOT_SET');
}
$player_group = $user->getGroupName();
$player_money = $user->getMoney();
if ($user->group() == 4) {
$content_main .= View::ShowStaticPage('profile_verification.html', 'profile/', $player_email);
}
}
if (Filter::input('id', 'get', 'int')) {
$mode = 'news_full';
} else {
$mode = Filter::input('mode', 'post', 'stringLow', true);
if ($mode === false) {
$mode = Filter::input('mode', 'get', 'stringLow', true);
}
if (!$mode) {
$mode = $config['s_dpage'];
}
}
switch ($mode) {
case 'start':
$page = 'Начать игру';
$content_main = View::ShowStaticPage('start_game.html');
break;
case 'register':
case 'news':
include './location/news.php';
break;
case 'news_full':
<?php
if (!defined('MCR')) {
exit;
}
loadTool('catalog.class.php');
$category = Filter::input('cid', 'get', 'int');
if ($category) {
$news_manager = new NewsManager($category, 'news/', 'index.php?cid=' . $category . '&');
} else {
$news_manager = new NewsManager(-1, 'news/');
}
/* Default vars */
$page = lng('PAGE_NEWS');
/* Get \ Post options */
$curlist = Filter::input('l', 'get', 'int');
if ($curlist <= 0) {
$curlist = 1;
}
$menu->SetItemActive('main');
$content_main .= $news_manager->ShowNewsListing($curlist);
$content_main .= $news_manager->ShowCategorySelect();
$news_manager->destroy();
unset($news_manager);
<?php
header("Content-type: image/png");
require './system.php';
$showMini = (Filter::input('mini', 'get', 'int') or Filter::input('m', 'get', 'bool')) ? true : false;
$showByName = Filter::input('user_name', 'get', 'string', true);
$isFemale = Filter::input('female', 'get', 'int', true);
$userId = Filter::input('user_id', 'get', 'int');
if ($showMini and !$userId) {
$userId = Filter::input('mini', 'get', 'int');
}
if ($showByName or $userId or $isFemale !== false) {
if ($userId) {
DBinit('skin_viewer');
loadTool('user.class.php');
$tmp_user = new User($userId);
if (!$tmp_user->id()) {
exit;
}
$showByName = $tmp_user->name();
if (!file_exists($tmp_user->getSkinFName())) {
if ($config['default_skin']) {
$tmp_user->setDefaultSkin();
} else {
$showByName = false;
$isFemale = 1;
}
}
}
ShowSkin($showMini, $showByName, $isFemale, $config['sbuffer']);
}
<?php
require '../system.php';
$login = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');
$sessionid = Filter::input('sessionId', 'get');
if (empty($sessionid) or empty($serverid) or empty($login)) {
vtxtlog("[joinserver.php] join process [GET parameter empty] [ " . (empty($sessionid) ? 'SESSIONID ' : '') . (empty($login) ? 'USER ' : '') . (empty($serverid) ? 'SERVERID ' : '') . "]");
exit('Bad login');
}
loadTool('user.class.php');
DBinit('joinserver');
$sessionidv16 = explode(":", $sessionid);
if ($sessionidv16[0] == "token" && $sessionidv16[2] == "2") {
$sessionid = $sessionidv16[1];
}
if (!preg_match("/^[a-zA-Z0-9_-]+\$/", $login) or !preg_match("/^[0-9]+\$/", $sessionid) or !preg_match("/^[a-z0-9_-]+\$/", $serverid)) {
vtxtlog("[joinserver.php] error while login process [input login " . $login . " sessionid " . $sessionid . " serverid " . $serverid . "]");
exit('Bad login');
}
$tmp_user = new User($login, $bd_users['login']);
if ($tmp_user->id() === false or $tmp_user->name() !== $login) {
vtxtlog("[joinserver.php] Bad login register");
exit('Bad login');
}
$sql = "SELECT COUNT(*) FROM `{$bd_names['users']}` " . "WHERE `{$bd_users['session']}`=:session " . "AND `{$bd_users['login']}`=:login " . "AND `{$bd_users['server']}`=:server";
$result = getDB()->fetchRow($sql, array('session' => $sessionid, 'login' => $tmp_user->name(), 'server' => $serverid), 'num');
if ((int) $result[0] == 1) {
vtxtlog('[joinserver.php] join Server [Result] Relogin OK');
exit('OK');
}
<?php
if (!defined('MCR')) {
exit;
}
$page = 'Страница не найдена';
$sub_dir = '';
$route = Filter::input('route', 'get', 'string', true);
if ($route and strpos($route, $site_ways['mcraft']) !== false) {
$sub_dir = 'launcher/';
}
$content_main = View::ShowStaticPage('404.html', $sub_dir);
if ($sub_dir) {
exit($content_main);
}
