/**
 * Collects the registration / verification form values from the request.
 *
 * The 'method' entry tells the caller which flow the request belongs to:
 *   1     - login, pass and repass were all supplied (registration form)
 *   2     - verificate (GET) together with an id (verification link); this wins over 1
 *   false - neither set of fields is complete
 *
 * @return array request values keyed by field name, plus 'method'
 */
function CheckPostComplect()
{
    $fields = array(
        'login'      => Filter::input('login'),
        'pass'       => Filter::input('pass'),
        'repass'     => Filter::input('repass'),
        'email'      => Filter::input('email', 'post', 'mail'),
        'female'     => Filter::input('female', 'post', 'bool'),
        'verificate' => Filter::input('verificate', 'get'),
        'id'         => Filter::input('id', 'post', 'int'),
        'method'     => false,
    );

    // the id may come through the query string instead of the POST body
    if (!$fields['id']) {
        $fields['id'] = Filter::input('id', 'get', 'int');
    }

    $isRegistration = $fields['login'] && $fields['pass'] && $fields['repass'];
    $isVerification = $fields['verificate'] && $fields['id'];

    if ($isRegistration) {
        $fields['method'] = 1;
    }
    // evaluated last on purpose: a verification request overrides the registration flag
    if ($isVerification) {
        $fields['method'] = 2;
    }

    return $fields;
}
/**
 * Terminates the request with the global $ajax_message encoded as JSON.
 *
 * When the POST flag json_iframe is set, the JSON is wrapped into a minimal HTML
 * document that assigns it to the JS variable `json_response` (iframe transport).
 *
 * @param int|string $code result code stored under 'code'
 * @param string     $mess message text; the literal 'error' is expanded to "error code: <code>"
 * @return never
 */
function aExit($code, $mess = 'error')
{
    global $ajax_message;

    $wrapForIframe = Filter::input('json_iframe', 'post', 'bool');

    $ajax_message['code'] = $code;
    // loose comparison kept as in the original (pre-PHP 8 semantics for non-string $mess)
    if ($mess == 'error') {
        $ajax_message['message'] = $mess . ' code: ' . $code;
    } else {
        $ajax_message['message'] = $mess;
    }

    // JSON_HEX_* exists since PHP 5.3; it escapes quotes and angle brackets so the
    // payload is safe to embed in HTML / a JS string literal
    if (defined('JSON_HEX_QUOT')) {
        $payload = json_encode($ajax_message, JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_TAG);
    } else {
        $payload = json_encode($ajax_message);
    }

    if ($wrapForIframe) {
        $escaped = escapeJsonString($payload);
        $payload = '<html><head><title>jnone</title><script type="text/javascript"> var json_response = "'
            . $escaped
            . '"</script></head><body></body></html>';
    }

    exit($payload);
}
/**
 * Restores the current user into the global $user from the PHP session or from
 * the PRTCookie1 cookie; leaves $user = false when nothing valid is found.
 *
 * Reads:  GET session_id, $_SESSION['user_name'], $_COOKIE['PRTCookie1'],
 *         global $bd_users (column names for the User lookups).
 * Writes: global $user, $_SESSION['user_name'] / ['ip'], the PRTCookie1 cookie.
 *
 * NOTE(review): the session identifier is taken from the query string and adopted
 * with session_id() before session_start(). A caller therefore chooses the session
 * id (session fixation / adoption); no session_regenerate_id() follows the cookie
 * login below either. Presumably this serves a launcher / iframe hand-off — confirm
 * that need before tightening it.
 */
public static function LoadSession()
{
    global $user, $bd_users;
    $user = false;
    $check_ip = GetRealIp();
    $check = true; // IP binding is always enforced in the final check below
    $session = Filter::input('session_id', 'get');
    // no autoload (second argument false): the User class must already be included
    if (!class_exists('User', false)) {
        exit('include user class first');
    }
    // adopt the externally supplied id only while no session exists yet and
    // only when it looks like a session id (26-40 alphanumerics)
    if (!session_id() and !empty($session) and preg_match('/^[a-zA-Z0-9]{26,40}$/', $session)) {
        session_id($session);
    }
    if (!isset($_SESSION)) {
        session_start();
    }
    if (isset($_SESSION['user_name'])) {
        $user = new User($_SESSION['user_name'], $bd_users['login']);
    }
    // fallback: cookie value looked up through the "tmp" column (presumably a
    // remember-me token); on success the session is populated from it.
    // $_SESSION['ip'] is only stored here, the IP check below uses $user->ip().
    if (isset($_COOKIE['PRTCookie1']) and empty($user)) {
        $user = new User($_COOKIE['PRTCookie1'], $bd_users['tmp']);
        if ($user->id()) {
            $_SESSION['user_name'] = $user->name();
            $_SESSION['ip'] = $check_ip;
        }
    }
    if (!empty($user)) {
        // reject unknown users, banned users (lvl <= 0) and users bound to another IP;
        // 'and' binds tighter than 'or', so the IP test is gated by $check alone
        if (!$user->id() or $user->lvl() <= 0 or $check and $check_ip != $user->ip()) {
            if ($user->id()) {
                $user->logout();
            }
            // expire the cookie (time() as expiry = already in the past)
            setcookie("PRTCookie1", "", time(), '/');
            $user = false;
        }
    }
}
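<?php
// Front controller: routes ?m=<module>&a=<action> to <Module>::action<Action>().
// Errors are reported as a JSON response with code 400 via Util::response().
session_start();
date_default_timezone_set('PRC');
define('APP_PATH', str_replace('\\', '/', __DIR__ . '/'));
include_once './init/init.php';

try {
    Filter::input();

    // module and action names are taken straight from the request
    $m = !empty($_REQUEST['m']) ? trim($_REQUEST['m']) : 'index';
    $m = ucfirst(strtolower($m));
    $a = !empty($_REQUEST['a']) ? trim($_REQUEST['a']) : 'index';

    if (empty($m)) {
        throw new Exception('module is empty');
    }
    // Only a plain identifier may reach class_exists()/new: class_exists() triggers the
    // autoloader, so an arbitrary request string must never be turned into a class name.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/D', $m)) {
        throw new Exception('module name is invalid');
    }
    if (!class_exists($m)) {
        throw new Exception("class {$m} is not exists");
    }
    if (empty($a)) {
        throw new Exception('action is empty');
    }
    // same rule for the action half of the method name
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/D', $a)) {
        throw new Exception('action name is invalid');
    }

    $module = new $m();
    $action = 'action' . ucfirst($a);
    // only public action* methods of the module are callable
    if (!method_exists($module, $action)) {
        throw new Exception("action {$a} is not exists");
    }
    $module->{$action}();
} catch (Exception $e) {
    Util::response(array('code' => 400, 'msg' => $e->getMessage()));
}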
} if ($mail) { $rcodes[] = $mod_user->changeEmail($mail); } $ajax_message['token_data'] = tokenTool('get'); } $newlogin = Filter::input('new_login'); $newpass = Filter::input('new_password'); $delete_skin = Filter::input('new_delete_skin', 'post', 'bool'); $delete_cloak = Filter::input('new_delete_cloak', 'post', 'bool'); if ($newlogin) { $rcodes[] = $mod_user->changeName($newlogin); } if ($newpass) { $oldpass = Filter::input('old_password'); $newrepass = Filter::input('new_repassword'); if ($user->lvl() >= 15 and $user_id) { $rcodes[] = $mod_user->changePassword($newpass); } else { $rcodes[] = $mod_user->changePassword($newpass, $newrepass, $oldpass); } } if (empty($_FILES['new_skin']['tmp_name']) and $delete_skin and !$mod_user->defaultSkinTrigger() and $user->getPermission('change_skin')) { $rcodes[] = $mod_user->setDefaultSkin(); } if (empty($_FILES['new_cloak']['tmp_name']) and $delete_cloak and $user->getPermission('change_cloak')) { $mod_user->deleteCloak(); $rcodes[] = 1; } if (!empty($_FILES['new_skin']['tmp_name'])) { $rcodes[] = (int) $mod_user->changeVisual('new_skin', 'skin');
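/**
 * Session-bound CSRF token helper (token kept in $_SESSION['token_data']).
 *
 * @param string $mode
 *   'check'    verify the submitted token_data against the session copy; on mismatch the
 *              stored token is discarded and the request ends with lng('TOKEN_FAIL');
 *              on success the token is consumed so it can be used only once
 *   'set'      issue a token and append a <script> defining `token_data` to global $content_js
 *   'setinput' issue a token and return a hidden <input name="token_data"> carrying it
 *   other      issue a token and return it as a plain string
 * @return bool|string true for 'check' and 'set'; the markup or the raw token otherwise
 */
function tokenTool($mode = 'set')
{
    global $content_js;
    if (!isset($_SESSION)) {
        session_start();
    }

    if ($mode === 'check') {
        $stored = !empty($_SESSION['token_data']) ? (string) $_SESSION['token_data'] : '';
        $given = Filter::input('token_data');
        // A missing or non-string submission never matches. hash_equals() keeps the
        // comparison constant-time; on PHP < 5.6 it falls back to a strict compare.
        $matches = $stored !== '' && is_string($given)
            && (function_exists('hash_equals') ? hash_equals($stored, $given) : $stored === $given);
        if (!$matches) {
            if (isset($_SESSION['token_data'])) {
                unset($_SESSION['token_data']);
            }
            exit(lng('TOKEN_FAIL'));
        }
        unset($_SESSION['token_data']); // single use
        return true;
    }

    // Every other mode issues a fresh token. randString(32) is assumed to produce only
    // characters that are safe inside a JS string literal / HTML attribute — confirm.
    $_SESSION['token_data'] = randString(32);
    if ($mode === 'set') {
        $content_js .= '<script type="text/javascript">var token_data = "' . $_SESSION['token_data'] . '";</script>';
        return true;
    }
    if ($mode === 'setinput') {
        return '<input type="hidden" name="token_data" id="token_data" value="' . $_SESSION['token_data'] . '" />';
    }
    return $_SESSION['token_data'];
}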
if (empty($game_server)) { $game_server = sqlConfigGet('rcon-serv'); } if ($game_server == 0) { exit('<script>' . $token . 'parent.showResult("rcon unconfigured");</script>'); } $rcon_port = Filter::input('port', 'post', 'int'); if (empty($rcon_port)) { $rcon_port = (int) sqlConfigGet('rcon-port'); } $rcon_pass = Filter::input('pass'); if (empty($rcon_pass)) { $rcon_pass = sqlConfigGet('rcon-pass'); } /* Sync or drop config */ if (Filter::input('save', 'post', 'bool')) { sqlConfigSet('rcon-serv', $game_server); sqlConfigSet('rcon-pass', $rcon_pass); sqlConfigSet('rcon-port', $rcon_port); } else { sqlConfigSet('rcon-serv', 0); } try { $rcon = new MinecraftRcon(); $rcon->Connect($game_server, $rcon_port, $rcon_pass); if ($userlist) { $page = GetUserListHTML($rcon->Command('list')); exit("<script>'.{$token}.'parent.GetById('users_online').innerHTML = '" . $page[0] . "'; " . $page[1] . "</script>"); } $command = str_replace(array("\r\n", "\n", "\r"), '', $command); $command = preg_replace('| +|', ' ', $command);
$user_img_get = $ban_user->getSkinLink() . '&refresh=' . rand(1000, 9999); if ($cloak_exist or !$skin_def) { include View::Get('profile_skin.html', $st_subdir . 'profile/'); } if (!$skin_def) { include View::Get('profile_del_skin.html', $st_subdir . 'profile/'); } if ($cloak_exist) { include View::Get('profile_del_cloak.html', $st_subdir . 'profile/'); } if ($bd_names['iconomy']) { include View::Get('profile_money.html', $st_subdir . 'profile/'); } include View::Get('profile_footer.html', $st_subdir . 'profile/'); case 'delete_banip': $ip = Filter::input('ip', 'get'); if (!empty($ip) and preg_match("/[0-9.]+\$/", $ip)) { getDB()->ask("DELETE FROM {$bd_names['ip_banning']} WHERE IP=:ip", array('ip' => $ip)); $info .= lng('IP_UNBANNED') . ' ( ' . $ip . ') '; } break; } $html .= ob_get_clean(); } if ($do == 'sign') { $data = file_get_contents(View::Get('edit.png', 'img/')); if (!$data) { exit; } $data = explode("IEND�B`", $data); if (sizeof($data) != 2) {
/**
 * Applies the pending news-editor action and renders the editor form.
 *
 * Handled in this order: a POSTed create/update (cid, title and message present),
 * a ?delete=<id> request, or a ?edit=<id> request that pre-fills the form.
 * Returns the rendered news_add.html view, or '' when the item to edit does not exist.
 * The included views read the locals of this method ($state, $text_str, $editorTitle,
 * $editorButton, $error, $cat_list, $edit*), so those names are part of the template contract.
 *
 * NOTE(review): deletion is triggered by a plain GET parameter, and after
 * header("Location: ...") there is no exit, so the editor is still rendered and
 * returned next to the redirect. Whether a CSRF check runs before this method is
 * called is not visible here.
 *
 * @return string rendered HTML
 */
public function ShowNewsEditor()
{
    global $bd_names;
    $editorTitle = 'Добавить новость';
    $editorButton = 'Добавить';
    // the form posts "hide_*" checkboxes, so the stored flags are the inverse
    $editInfo = array('vote' => !Filter::input('hide_vote', 'post', 'bool'), 'discus' => !Filter::input('hide_discus', 'post', 'bool'));
    // 4th argument true presumably makes Filter::input return false for absent fields — confirm
    $editCategory = Filter::input('cid', 'post', 'int', true);
    $editMode = Filter::input('editMode', 'post', 'int');
    $editTitle = Filter::input('title', 'post', 'string', true);
    $editMessage = Filter::input('message', 'post', 'html', true);
    $editMessage_Full = Filter::input('message_full', 'post', 'html', true);
    $error = '';
    if ($editCategory !== false and $editTitle !== false and $editMessage !== false) {
        // form submitted: the result message is rendered into $error via news_admin_mess.html
        ob_start();
        $state = 'error';
        if (!$editCategory or !$editMessage or !$editTitle) {
            $text_str = 'Заполните необходимые поля.';
        } else {
            if ($editMode > 0) {
                // update: Edit() reports false when the caller lacks the rights
                $news_item = new News_Item($editMode, $this->st_subdir);
                if ($news_item->Edit($editCategory, $editTitle, $editMessage, $editMessage_Full, $editInfo['vote'], $editInfo['discus'])) {
                    $state = 'success';
                    $text_str = 'Новость обновлена';
                } else {
                    $text_str = 'Недостаточно прав';
                }
                $editMode = 0;
            } else {
                // create: the return value of Create() is not checked here
                $news_item = new News_Item();
                $news_item->Create($editCategory, $editTitle, $editMessage, $editMessage_Full, $editInfo['vote'], $editInfo['discus']);
                $state = 'success';
                $text_str = 'Новость добавлена';
            }
        }
        include $this->GetView('news_admin_mess.html');
        $error = ob_get_clean();
    } elseif (Filter::input('delete', 'get', 'int')) {
        $news_item = new News_Item(Filter::input('delete', 'get', 'int'));
        $news_item->Delete();
        // no exit after the redirect header: rendering continues below
        header("Location: " . $this->work_link . "ok");
    } elseif (Filter::input('edit', 'get', 'int')) {
        $editorTitle = 'Обновить новость';
        $editorButton = 'Изменить';
        $news_item = new News_Item(Filter::input('edit', 'get', 'int'));
        if (!$news_item->Exist()) {
            return '';
        }
        // $editInfo is reused here with the item's full record, not the vote/discus flags
        $editInfo = $news_item->getInfo();
        $editMode = $editInfo['id'];
        $editCategory = $editInfo['category_id'];
        $editTitle = TextBase::HTMLDestruct($editInfo['title']);
        $editMessage = TextBase::HTMLDestruct($editInfo['text']);
        $editMessage_Full = TextBase::HTMLDestruct($editInfo['text_full']);
    }
    ob_start();
    $cat_list = CategoryManager::GetList($editCategory);
    include $this->GetView('news_add.html');
    return ob_get_clean();
}
exit; } loadTool('ajax.php'); loadTool('user.class.php'); DBinit('login'); if ($out) { header("Location: " . BASE_URL); MCRAuth::userLoad(); if (!empty($user)) { $user->logout(); } } elseif ($login) { $pass = Filter::input('pass'); $tmp_user = new User($login, strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email']); $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num(); if (!$tmp_user->id()) { aExit(4, lng('AUTH_NOT_EXIST')); } if ($tmp_user->auth_fail_num() >= 5) { CaptchaCheck(6); } if (!$tmp_user->authenticate($pass)) { $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num(); aExit(1, lng('AUTH_FAIL') . '.<br /> <a href="#" style="color: #656565;" onclick="RestoreStart(); return false;">' . lng('AUTH_RESTORE') . ' ?</a>'); } if ($tmp_user->lvl() <= 0) { aExit(4, lng('USER_BANNED')); } $tmp_user->login(randString(15), GetRealIp(), Filter::input('save', 'post', 'bool')); aExit(0, 'success'); }
<?php
// checkserver endpoint: prints YES when <user> is currently registered on <serverId>,
// NO otherwise. Both values arrive via GET and are restricted to plain identifiers
// before they are logged or used as query parameters.
require '../system.php';

$user = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');

$missing = (empty($user) ? 'LOGIN ' : '') . (empty($serverid) ? 'SERVERID ' : '');
if ($missing !== '') {
    vtxtlog("[checkserver.php] checkserver process [GET parameter empty] [ " . $missing . "]");
    exit('NO');
}

loadTool('user.class.php');
DBinit('checkserver');

// character whitelist (no side effects, so both checks can run unconditionally)
$loginOk = preg_match("/^[a-zA-Z0-9_-]+\$/", $user);
$serverOk = preg_match("/^[a-z0-9_-]+\$/", $serverid);
if (!$loginOk || !$serverOk) {
    vtxtlog("[checkserver.php] error checkserver process [info login " . $user . " serverid " . $serverid . "]");
    exit('NO');
}

// parameterised lookup; the table/column names come from the configuration
$sql = "SELECT COUNT(*) FROM {$bd_names['users']} "
    . "WHERE `{$bd_users['login']}`=:user AND `{$bd_users['server']}`=:serverid";
$params = array('user' => $user, 'serverid' => $serverid);
$row = getDB()->fetchRow($sql, $params, 'num');

if (!(int) $row[0]) {
    vtxtlog("[checkserver.php] [User not found] User [{$user}] Server ID [{$serverid}]");
    exit('NO');
}

$user_login = new User($user, $bd_users['login']);
$user_login->gameLoginConfirm();
vtxtlog("[checkserver.php] Server Test [Success]");
exit('YES');
$female = Filter::input('female', 'post', 'string', true); $email = Filter::input('email', 'post', 'mail', true); if ($female !== false and $user->gender() > 1) { $user->changeGender(!(int) $female ? 0 : 1); } if ($email) { $send_result = $user->changeEmail($email, true); if ($send_result == 1) { $html_info = lng('REG_CONFIRM_INFO'); } elseif ($send_result == 1902) { $html_info = lng('AUTH_EXIST_EMAIL'); } else { $html_info = lng('MAIL_FAIL'); } } } elseif (Filter::input('antibot')) { $html_info = lng('CAPTCHA_FAIL'); } if ($user->group() == 4 or !$user->email() or $user->gender() > 1) { ob_start(); include View::Get('cp_form.html', $prefix); if ($user->group() == 4 or !$user->email()) { include View::Get('profile_email.html', $prefix); } if ($user->gender() > 1) { include View::Get('profile_gender.html', $prefix); } include View::Get('cp_form_footer.html', $prefix); $content_main .= ob_get_clean(); } }
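require '../system.php';

/**
 * Builds a fresh numeric session id for the launcher: 21 decimal digits made of two
 * numbers in [1000000000, 2147483647] followed by one digit in [0, 9].
 *
 * random_int() (CSPRNG) is used where available; the earlier srand(time())/rand()
 * version was seeded from the clock and therefore predictable, and the global reseed
 * also affected every other rand() user in the process.
 *
 * @return string
 */
function generateSessionId()
{
    $draw = function ($min, $max) {
        // mt_rand is only the fallback for PHP < 7.0, where random_int() does not exist
        return function_exists('random_int') ? random_int($min, $max) : mt_rand($min, $max);
    };
    return $draw(1000000000, 2147483647) . $draw(1000000000, 2147483647) . $draw(0, 9);
}

/**
 * Writes $text to the log and terminates the request with $output.
 *
 * @param string $text   line passed to vtxtlog()
 * @param string $output body sent to the client (generic by default)
 * @return never
 */
function logExit($text, $output = "Bad login")
{
    vtxtlog($text);
    exit($output);
}

$login = Filter::input('user');
$password = Filter::input('password');
$ver = Filter::input('version');

if (empty($password) or empty($ver) or empty($login)) {
    logExit("[auth.php] login process [Empty input] [ " . (empty($login) ? 'LOGIN ' : '') . (empty($password) ? 'PASSWORD ' : '') . (empty($ver) ? 'VER ' : '') . "]");
}

loadTool('user.class.php');
DBinit('auth');

// Character whitelist (the launcher protocol limits passwords to [a-zA-Z0-9_-]).
// The password is deliberately not written to the log: the previous message echoed it
// in clear text, which leaked credentials into the log file.
if (!preg_match("/^[a-zA-Z0-9_-]+\$/", $login) or !preg_match("/^[a-zA-Z0-9_-]+\$/", $password) or !preg_match("/^[0-9]+\$/", $ver)) {
    logExit("[auth.php] login process [Bad symbols] User [{$login}] Ver [{$ver}]");
}

if ((int) sqlConfigGet('launcher-version') != (int) $ver) {
    logExit("[auth.php] login process [Old version] ver " . $ver, "Old version");
}

$auth_user = new User($login, $bd_users['login']);
if (!$auth_user->id()) {
    // the client still only sees the generic "Bad login"
    logExit("[auth.php] login process [Unknown user] User [{$login}]");
}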
<?php
// serverstate endpoint: refreshes and prints the state of one monitored server (POST id).
require '../system.php';
loadTool('ajax.php');
loadTool('monitoring.class.php');

$id = Filter::input('id', 'post', 'int', true);
if (!$id) {
    // missing or zero id: nothing to show
    exit;
}

DBinit('monitoring');
$server = new Server($id, 'serverstate/');
$server->UpdateState();
$server->ShowInfo();
/**
 * Handles the skin-pack admin form and renders it.
 *
 * Depending on which submit button is present in $_POST:
 *   sp_group_edit  - rewrite one group's permissions from the posted fields
 *                    (keys come from self::$permissions; 'bool' entries become 0/1)
 *   sp_config_set  - optionally rebuild everything, then copy the sp_* flags into $config
 *   sp_tables_set  - switch the sp_skins / sp_bad_skins / sp_skins_ratio table names after
 *                    checking that a known column exists in the named table
 *   sp_upload_set  - scan for new skins with the posted rebuild_type tag
 * Changed settings are persisted through MainConfig::SaveOptions().
 *
 * The included views (admin/group.html, admin/constants.html) read the locals
 * $group, $groups and $info, so those names are part of the template contract.
 *
 * NOTE(review): no CSRF token check is visible in this method; if one exists it has
 * to happen in the caller — confirm.
 *
 * @return string rendered admin form
 */
public function ShowAdminForm()
{
    global $bd_names, $config;
    $info = $this->answer;
    $configUpd = false;
    if (isset($_POST['sp_group_edit'])) {
        $group = new Group(Filter::input('group', 'post', 'int'));
        $permissions = $group->GetAllPermissions();
        foreach (self::$permissions as $key => $value) {
            if ($value == 'bool') {
                // checkbox-style flag: any non-zero value means enabled
                $permissions[$key] = Filter::input($key, 'post', 'int') ? 1 : 0;
            } elseif (isset($_POST[$key])) {
                $permissions[$key] = Filter::input($key, 'post', 'int');
            } else {
                continue; // field not posted: keep the stored value
            }
        }
        $group->Edit($group->GetName(), $permissions);
    } elseif (isset($_POST['sp_config_set'])) {
        // @todo move the rebuild action somewhere else (it is a maintenance job, not a setting)
        $rebuild_items = Filter::input('rebuild_items', 'post', 'bool');
        if ($rebuild_items) {
            $this->RebuildAll();
        }
        // the form posts "sp_offline"; the config stores the inverse "sp_online"
        $config['sp_online'] = !Filter::input('sp_offline', 'post', 'bool');
        $config['sp_upload'] = Filter::input('sp_upload', 'post', 'bool');
        $config['sp_download'] = Filter::input('sp_download', 'post', 'bool');
        $config['sp_comments'] = Filter::input('sp_comments', 'post', 'bool');
        $configUpd = true;
    } elseif (isset($_POST['sp_tables_set'])) {
        $bd_skins = Filter::input('bd_skins', 'post');
        $bd_bad_skins = Filter::input('bd_bad_skins', 'post');
        $bd_skins_ratio = Filter::input('bd_skins_ratio', 'post');
        // NOTE(review): these admin-supplied names are stored in $bd_names, whose values
        // are interpolated into SQL identifiers (see the groups query below), and are
        // echoed back into $this->answer unescaped. isColumnExist() is the only validation
        // visible here; whether Filter::input() escapes for HTML is not visible — confirm.
        if ($bd_skins) {
            if (!getDB()->isColumnExist($bd_skins, 'fname')) {
                $this->answer .= 'Таблица не найдена ( ' . $bd_skins . ' ) <br />';
            } else {
                $bd_names['sp_skins'] = $bd_skins;
            }
        }
        if ($bd_bad_skins) {
            if (!getDB()->isColumnExist($bd_bad_skins, 'hash')) {
                $this->answer .= 'Таблица не найдена ( ' . $bd_bad_skins . ' ) <br />';
            } else {
                $bd_names['sp_bad_skins'] = $bd_bad_skins;
            }
        }
        if ($bd_skins_ratio) {
            if (!getDB()->isColumnExist($bd_skins_ratio, 'num')) {
                $this->answer .= 'Таблица не найдена ( ' . $bd_skins_ratio . ' ) <br />';
            } else {
                $bd_names['sp_skins_ratio'] = $bd_skins_ratio;
            }
        }
        // note: a rejected table name still sets $configUpd, so SaveOptions() runs anyway
        if ($bd_skins or $bd_bad_skins or $bd_skins_ratio) {
            $configUpd = true;
        }
    } elseif (isset($_POST['sp_upload_set'])) {
        $find_items = Filter::input('find_items', 'post', 'bool');
        $tag = Filter::input('rebuild_type', 'post', 'int');
        if ($find_items) {
            $this->FindNewSkins($tag);
        }
    }
    if ($configUpd) {
        loadTool('alist.class.php');
        if (!MainConfig::SaveOptions()) {
            $this->answer .= 'Ошибка применения настроек <br />';
        } else {
            $this->answer .= 'Настройки изменены <br />';
        }
    }
    // refresh $info so the messages collected above reach the view
    $info = $this->answer;
    $result = getDB()->ask("SELECT `id`, `name` FROM `{$bd_names['groups']}` ORDER BY `name` DESC LIMIT 0,90");
    ob_start();
    // one admin/group.html block per group; the view reads $group
    while ($line = $result->fetch()) {
        $group_i = new Group($line['id']);
        $group = $group_i->GetAllPermissions();
        $group['name'] = $line['name'];
        $group['id'] = $line['id'];
        include $this->GetView('admin/group.html');
    }
    $groups = ob_get_clean();
    ob_start();
    include $this->GetView('admin/constants.html');
    return ob_get_clean();
}
$player_email = $user->email(); if (empty($player_email)) { $player_email = lng('NOT_SET'); } $player_group = $user->getGroupName(); $player_money = $user->getMoney(); if ($user->group() == 4) { $content_main .= View::ShowStaticPage('profile_verification.html', 'profile/', $player_email); } } if (Filter::input('id', 'get', 'int')) { $mode = 'news_full'; } else { $mode = Filter::input('mode', 'post', 'stringLow', true); if ($mode === false) { $mode = Filter::input('mode', 'get', 'stringLow', true); } if (!$mode) { $mode = $config['s_dpage']; } } switch ($mode) { case 'start': $page = 'Начать игру'; $content_main = View::ShowStaticPage('start_game.html'); break; case 'register': case 'news': include './location/news.php'; break; case 'news_full':
<?php
// News listing location: renders one page of news, optionally restricted to a category.
if (!defined('MCR')) {
    exit; // direct access guard
}

loadTool('catalog.class.php');

$category = Filter::input('cid', 'get', 'int');
// with a category filter the cid is carried in the pagination link prefix
$news_manager = $category
    ? new NewsManager($category, 'news/', 'index.php?cid=' . $category . '&')
    : new NewsManager(-1, 'news/');

/* Default vars */
$page = lng('PAGE_NEWS');

/* Get \ Post options */
$curlist = Filter::input('l', 'get', 'int');
if ($curlist <= 0) {
    $curlist = 1; // first page when the parameter is missing or invalid
}

$menu->SetItemActive('main');
$content_main .= $news_manager->ShowNewsListing($curlist);
$content_main .= $news_manager->ShowCategorySelect();

$news_manager->destroy();
unset($news_manager);
<?php
// Skin viewer: outputs a player's skin as PNG, selected by user_id, by user_name, or
// the default (optionally female) skin. "mini" / "m" request the small preview.
header("Content-type: image/png");
require './system.php';

$showMini = Filter::input('mini', 'get', 'int') || Filter::input('m', 'get', 'bool');
$showByName = Filter::input('user_name', 'get', 'string', true);
$isFemale = Filter::input('female', 'get', 'int', true);
$userId = Filter::input('user_id', 'get', 'int');

// legacy form: ?mini=<user_id>
if ($showMini && !$userId) {
    $userId = Filter::input('mini', 'get', 'int');
}

$hasTarget = $showByName || $userId || $isFemale !== false;
if ($hasTarget) {
    if ($userId) {
        DBinit('skin_viewer');
        loadTool('user.class.php');
        $tmp_user = new User($userId);
        if (!$tmp_user->id()) {
            exit;
        }
        $showByName = $tmp_user->name();
        if (!file_exists($tmp_user->getSkinFName())) {
            // NOTE(review): a plain GET to the viewer may write the default skin for the user here
            if ($config['default_skin']) {
                $tmp_user->setDefaultSkin();
            } else {
                $showByName = false;
                $isFemale = 1;
            }
        }
    }
    ShowSkin($showMini, $showByName, $isFemale, $config['sbuffer']);
}
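<?php
// joinserver endpoint (client / game-server handshake): confirms that <user> holds the
// session <sessionId> on <serverId>. Prints 'OK' on success, 'Bad login' otherwise.
require '../system.php';

$login = Filter::input('user', 'get');
$serverid = Filter::input('serverId', 'get');
$sessionid = Filter::input('sessionId', 'get');

if (empty($sessionid) or empty($serverid) or empty($login)) {
    vtxtlog("[joinserver.php] join process [GET parameter empty] [ " . (empty($sessionid) ? 'SESSIONID ' : '') . (empty($login) ? 'USER ' : '') . (empty($serverid) ? 'SERVERID ' : '') . "]");
    exit('Bad login');
}

loadTool('user.class.php');
DBinit('joinserver');

// Newer clients presumably send "token:<session>:2"; unwrap it only when the third
// part is present (the old check indexed [2] unconditionally and raised an
// undefined-offset notice for "token:<x>"). Strict compares: "2" only, not "2.0"/"02".
$sessionidv16 = explode(":", $sessionid);
if (isset($sessionidv16[2]) && $sessionidv16[0] === "token" && $sessionidv16[2] === "2") {
    $sessionid = $sessionidv16[1];
}

// character whitelist before the values reach the query; NOTE(review): the rejected
// raw values are written to the log unsanitised — whether vtxtlog() strips line breaks
// is not visible here.
if (!preg_match("/^[a-zA-Z0-9_-]+\$/", $login) or !preg_match("/^[0-9]+\$/", $sessionid) or !preg_match("/^[a-z0-9_-]+\$/", $serverid)) {
    vtxtlog("[joinserver.php] error while login process [input login " . $login . " sessionid " . $sessionid . " serverid " . $serverid . "]");
    exit('Bad login');
}

$tmp_user = new User($login, $bd_users['login']);
// the stored name must match byte for byte (presumably the lookup itself is
// case-insensitive — confirm)
if ($tmp_user->id() === false or $tmp_user->name() !== $login) {
    vtxtlog("[joinserver.php] Bad login register");
    exit('Bad login');
}

// parameterised lookup; table/column names come from the configuration
$sql = "SELECT COUNT(*) FROM `{$bd_names['users']}` "
    . "WHERE `{$bd_users['session']}`=:session "
    . "AND `{$bd_users['login']}`=:login "
    . "AND `{$bd_users['server']}`=:server";
$result = getDB()->fetchRow($sql, array('session' => $sessionid, 'login' => $tmp_user->name(), 'server' => $serverid), 'num');

if ((int) $result[0] === 1) {
    vtxtlog('[joinserver.php] join Server [Result] Relogin OK');
    exit('OK');
}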
<?php
// 404 location: renders the "not found" page. Requests whose route points into the
// launcher area get the launcher variant and are answered immediately.
if (!defined('MCR')) {
    exit; // direct access guard
}

$page = 'Страница не найдена';
$sub_dir = '';

$route = Filter::input('route', 'get', 'string', true);
$fromLauncher = $route && strpos($route, $site_ways['mcraft']) !== false;
if ($fromLauncher) {
    $sub_dir = 'launcher/';
}

$content_main = View::ShowStaticPage('404.html', $sub_dir);
if ($sub_dir) {
    // launcher requests get the bare page, not the full site layout
    exit($content_main);
}