コード例 #1
ファイル: manage.php プロジェクト: Nerus87/PsychoStats
 *	PsychoStats is free software: you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, either version 3 of the License, or
 *	(at your option) any later version.
 *
 *	PsychoStats is distributed in the hope that it will be useful,
 *	but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *	GNU General Public License for more details.
 *
 *	You should have received a copy of the GNU General Public License
 *	along with PsychoStats.  If not, see <http://www.gnu.org/licenses/>.
 *
 *	Version: $Id: manage.php 389 2008-04-18 15:04:10Z lifo $
 */
// Entry script for the admin "Manage" page.
// The two markers are defined before the shared bootstrap files are included.
// NOTE(review): the admin include presumably refuses to run without
// PSYCHOSTATS_ADMIN_PAGE - confirm in ./common.php.
define("PSYCHOSTATS_PAGE", true);
define("PSYCHOSTATS_ADMIN_PAGE", true);
include "../includes/common.php";
include "./common.php";
// for now, redirect to the logsources
// NOTE(review): whether gotopage() ends the request is not visible here. If it
// only sends a redirect header, every statement below still executes.
gotopage('logsources.php');
// REQUEST_URI is request-controlled; it reaches the breadcrumb through
// ps_url_wrapper(), so any output escaping has to happen in code not shown here.
$cms->crumb('Manage', ps_url_wrapper($_SERVER['REQUEST_URI']));
// assign variables to the theme
$cms->theme->assign(array('page' => basename(__FILE__, '.php')));
// display the output
// The template names are derived from this file's own name, not from request data.
$basename = basename(__FILE__, '.php');
$cms->theme->add_css('css/2column.css');
$cms->theme->add_css('css/forms.css');
//$cms->theme->add_js('js/jquery.interface.js');
//$cms->theme->add_js('js/forms.js');
$cms->full_page($basename, $basename, $basename . '_header', $basename . '_footer', '');
コード例 #2
ファイル: go-dbinit.php プロジェクト: Nerus87/PsychoStats
// Installer step: import the request fields for database initialisation, connect
// with the installer's DB settings and prepare the state shared with the theme.
// Only the field names listed here are handed to assign_request_vars().
// NOTE(review): the `true` flag presumably also creates matching globals
// ($gametype, $modtype, $overwrite, $dropdb); $dropdb and $overwrite are used
// below without any other assignment in view - confirm in the theme class.
$validfields = array('gametype', 'modtype', 'overwrite', 'dropdb');
$cms->theme->assign_request_vars($validfields, true);
// Fixed lookup tables: display names per game/mod, and which mods each game supports.
$gametypes = array('cod' => "Call of Duty", 'halflife' => "Half-Life", 'soldat' => "Soldat");
$modtypes = array('cstrike' => "Counter Strike", 'dod' => "Day of Defeat", 'hldm' => "Deathmatch (valve)", 'gungame' => "Gungame", 'natural' => "Natural Selection", 'tf2' => "Team Fortress 2");
$gamesupport = array('halflife' => array('cstrike', 'dod', 'gungame', 'hldm', 'natural', 'tf2'), 'cod' => array(), 'soldat' => array());
// make DB connection
// NOTE(review): load_db_opts() is not shown; presumably it fills $dbhost ... $dbtblprefix.
load_db_opts();
$db->config(array('dbhost' => $dbhost, 'dbport' => $dbport, 'dbname' => $dbname, 'dbuser' => $dbuser, 'dbpass' => $dbpass, 'dbtblprefix' => $dbtblprefix));
$db->clear_errors();
$db->connect();
// Without a connection, send the user back to the DB settings step.
if (!$db->connected) {
    if ($ajax_request) {
        // urlencode() percent-encodes quotes and angle brackets, so $install cannot
        // break out of the quoted JavaScript string or the query string.
        print "<script type='text/javascript'>window.location = 'go.php?s=db&re=1&install=" . urlencode($install) . "';</script>";
        exit;
    } else {
        // NOTE(review): unlike the AJAX branch there is no exit here. If gotopage()
        // does not terminate the script, the code below runs without a DB connection.
        gotopage("go.php?s=db&re=1&install=" . urlencode($install));
    }
}
// State for this step; three of these are bound to the theme by reference so
// later changes to them are visible to the template.
$allow_next = false;
$db_init = false;
$errors = array();
$actions = array();
$schema = array();
$defaults = array();
$cms->theme->assign_by_ref('db_init', $db_init);
$cms->theme->assign_by_ref('errors', $errors);
$cms->theme->assign_by_ref('actions', $actions);
// no need to 'overwrite' if we are dropping the database entirely
// $dropdb selects a destructive action and originates from the request fields above.
if ($dropdb) {
    $overwrite = false;
}
コード例 #3
ファイル: common.php プロジェクト: Nerus87/PsychoStats
 *
 *	Version: $Id: common.php 539 2008-08-15 19:24:26Z lifo $
 */
// Shared bootstrap for admin pages: theme setup, breadcrumbs and the login gate.
// Refuse to run unless the including script defined the admin marker first,
// which blocks direct requests for this file.
if (!defined("PSYCHOSTATS_ADMIN_PAGE")) {
    die("Unauthorized access to " . basename(__FILE__));
}
// ADMIN pages need to setup the theme a little differently than the others
$opts = array('theme_default' => 'acp', 'theme_opt' => 'admin_theme', 'force_theme' => true, 'in_db' => false, 'template_dir' => dirname(__FILE__) . '/themes', 'theme_url' => 'themes', 'compile_id' => 'admin');
// The admin values are merged last, so they override the same keys from the site config.
$opts = array_merge($ps->conf['theme'], $opts);
// At all costs the admin page should never break due to file permissions. If
// the compile directory is not writable we fallback to not saving compiled
// themes to disk which is slower. But shouldn't be a big problem since only a
// single person is usually accessing the admin page.
if ($opts['fetch_compile'] and !is_writable($opts['compile_dir'])) {
    $opts['fetch_compile'] = false;
}
$cms->init_theme('acp', $opts);
$ps->theme_setup($cms->theme);
// NOTE(review): SAFE_PHP_SELF and PHP_SELF are constants defined elsewhere;
// presumably sanitized forms of the script path - confirm.
$cms->crumb('Stats', dirname(dirname(SAFE_PHP_SELF)) . '/');
$cms->crumb('Admin', 'index.php');
$file = basename(PHP_SELF, '.php');
// Login gate: anyone without an admin session is sent to login.php, except on
// the login page itself, which would otherwise redirect to itself.
// NOTE(review): this redirect is the only access check visible in this file and
// nothing after it stops execution. Unless gotopage() itself exits, an
// unauthenticated request keeps running the including admin page - confirm that
// gotopage() terminates the script.
if (!$cms->user->admin_logged_in()) {
    if (!defined("PSYCHOSTATS_LOGIN_PAGE")) {
        // '_ref' carries REQUEST_URI, which is request-controlled. Whatever later
        // consumes it as a return target must treat it as untrusted input.
        gotopage(ps_url_wrapper(array('_base' => dirname($_SERVER['SCRIPT_NAME']) . '/login.php', '_ref' => $_SERVER['REQUEST_URI'])));
    }
}
// Set flag if the install directory (go script) is still readable by the
// webserver. Admins need to remove the install directory after installation.
if (is_readable(catfile(dirname(dirname(__FILE__)), 'install', 'go.php'))) {
    $cms->theme->assign(array('install_dir_insecure' => true, 'install_dir' => catfile(dirname(dirname(__FILE__)), 'install')));
}
コード例 #4
ファイル: conf.php プロジェクト: Nerus87/PsychoStats
 */
// Admin configuration page: handles the new/cancel actions, then lists the
// config types and sections, optionally filtered by a search query.
define("PSYCHOSTATS_PAGE", true);
define("PSYCHOSTATS_ADMIN_PAGE", true);
include "../includes/common.php";
include "./common.php";
$cms->theme->assign('page', basename(__FILE__, '.php'));
/*
	ct = conftype we're currently editing, which can have multiple sections within it
	q  = search query. If specified, only conf variables that match will be displayed
*/
// Only these request fields are handed to assign_request_vars().
// NOTE(review): the `true` flag presumably also creates matching globals
// ($new, $cancel, $ct, $s, $q, ...), which are used below - confirm.
$validfields = array('submit', 'cancel', 'new', 'ct', 's', 'q', 'adv');
$cms->theme->assign_request_vars($validfields, true);
$message = '';
$cms->theme->assign_by_ref('message', $message);
// 'new' hands over to var.php, carrying the current conftype and section along.
if ($new) {
    gotopage(ps_url_wrapper(array('_amp' => '&', '_base' => 'var.php', 'ct' => $ct, 's' => $s)));
}
// 'cancel' returns to the previous page; the URL built here is only the fallback
// target passed to previouspage().
if ($cancel) {
    previouspage(ps_url_wrapper(array('_amp' => '&', '_base' => 'conf.php', 'ct' => $ct, 's' => $s)));
}
// Optional search filter. $q is request input: it is passed through the DB
// layer's escape() and then placed inside quoted LIKE patterns.
// NOTE(review): escape() is not shown. Assuming it only escapes string-literal
// characters, the LIKE wildcards % and _ inside $q still act as wildcards. The
// statement is built by string concatenation rather than bound parameters, so
// its safety rests entirely on escape() and on the value staying inside quotes.
$where = "";
if ($q != '') {
    $_q = '%' . $ps->db->escape($q) . '%';
    $where = "(var LIKE '{$_q}' OR label LIKE '{$_q}' OR help LIKE '{$_q}')";
}
// get a list of conftype's available. Ignoring those that only have locked variables within them
$list = $ps->db->fetch_rows(1, "SELECT conftype,section " . "FROM {$ps->t_config} " . "WHERE conftype <> 'info' AND locked <> 1 AND var IS NOT NULL " . ($where ? "AND {$where} " : "") . "GROUP BY conftype,section " . "HAVING COUNT(*) > 0 " . "ORDER BY conftype");
$sections = array();
foreach ($list as $c) {
    if (!$sections[$c['conftype']]) {
        $sections[$c['conftype']] = array();
コード例 #5
ファイル: plugins.php プロジェクト: Nerus87/PsychoStats
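    // Only plugins present in the $pending list may be installed. This key check is
    // what bounds both the file that is included and the class name that is
    // instantiated below, so it must stay ahead of any use of $install.
    if (!array_key_exists($install, $pending)) {
        $message = $cms->message('failure', array('message_title' => $cms->trans("Plugin Installation Error"), 'message' => $cms->trans("Invalid plugin was specified! Only plugins in the pending list can be installed.")));
    } else {
        // install the plugin!
        $err = '';
        // Loading the plugin file executes its code; $err receives any error text.
        $ok = $cms->include_plugin_file($pending[$install]['fullfile'], $err);
        if ($ok and !$err) {
            // even if there was an error $ok can still be true
            // create an object for the plugin and load it.
            // The class name comes from the pending-list entry, not directly from the request.
            $plugin = $pending[$install]['base'];
            $obj = new $plugin();
            if ($info = $obj->install($cms)) {
                // plugin successfully installed whatever it needed ...
                // now we install it in the database.
                if ($cms->install_plugin($plugin, $info)) {
                    gotopage(ps_url_wrapper($PHP_SELF));
                } else {
                    $message = $cms->message('failure', array('message_title' => $cms->trans("Plugin Installation Error"), 'message' => $cms->trans("Error installing plugin:") . " " . $obj->errstr));
                }
            } else {
                $message = $cms->message('failure', array('message_title' => $cms->trans("Plugin Installation Error"), 'message' => $obj->errstr ? $obj->errstr : $cms->trans("Plugin failed to install but did not give a reason why. Contact the plugin author for help.")));
            }
        } else {
            // The ternary is parenthesised on purpose: '.' binds tighter than '?:', so
            // without the parentheses the translated text was used only as the
            // condition and never appeared in the message.
            // NOTE(review): $err and the plugin's errstr are placed into the message
            // as-is, next to literal HTML. Confirm whether they can contain markup
            // and whether the message template escapes them.
            $message = $cms->message('failure', array('message_title' => $cms->trans("Plugin Installation Error"), 'message' => $cms->trans("Error loading plugin code!") . ($err ? "<br/>\n{$err}" : '')));
        }
    }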
}
// NOTE(review): count() presumably returns the number of rows in the plugins table - confirm.
$total = $ps->db->count($ps->t_plugins);
// Build the pager. $sort, $order, $limit and $start are set outside this excerpt.
// NOTE(review): presumably these come from the request; confirm they are
// validated before they reach the pager URL and any query.
$pager = pagination(array('baseurl' => ps_url_wrapper(array('sort' => $sort, 'order' => $order, 'limit' => $limit)), 'total' => $total, 'start' => $start, 'perpage' => $limit, 'pergroup' => 5, 'separator' => ' ', 'force_prev_next' => true, 'next' => $cms->trans("Next"), 'prev' => $cms->trans("Previous")));
// NOTE(review): $PHP_SELF is defined elsewhere; if it derives from the request
// path it needs escaping before it is used as a link - confirm.
$cms->crumb("Plugins", $PHP_SELF);
// assign variables to the theme
コード例 #6
ファイル: go.php プロジェクト: Nerus87/PsychoStats
    if (!in_array($s, $allowed_steps)) {
        gotopage('index.php');
    }
}
// Installer page setup: check the install key, then expose the step state and
// the DB settings to the theme.
$allow_next = true;
// Any non-empty $a marks the request as an AJAX call.
$ajax_request = !empty($a) ? true : false;
// verify our install key still matches this session
// if the install key from the form does not match what is in the option cookie
// then we know the user either opened a second install page, or went back
// to the install index, which destroyed the previous cookie (and the DB settings)
// NOTE(review): `!=` is a loose comparison; PHP compares two numeric-looking
// strings numerically, so different keys can compare as equal. If this key is
// relied on as a secret, a strict or constant-time comparison (hash_equals)
// would be the safer form - confirm how the key is generated and used.
if ($install != $opts['install']) {
    if ($ajax_request) {
        print "<script type='text/javascript'>window.location = 'index.php?re=1';</script>";
        exit;
    } else {
        // NOTE(review): no exit follows here, unlike the AJAX branch; this relies
        // on gotopage() ending the request - confirm.
        gotopage("index.php?re=1");
    }
}
$pagename = basename(__FILE__, '.php');
$cms->theme->add_css('css/2column.css');
$cms->theme->add_js("js/go.js");
// $s is interpolated into a script path. A check of $s against $allowed_steps
// appears just above this excerpt, inside a conditional whose opening is not
// shown; that check is what keeps the path to known step names - confirm it
// always runs.
$cms->theme->add_js("js/go-{$s}.js");
$cms->theme->assign_by_ref('allow_next', $allow_next);
// The DB settings, including the password, are bound to the theme by reference.
// NOTE(review): confirm that no template writes $dbpass back into the page.
$cms->theme->assign_by_ref('dbhost', $dbhost);
$cms->theme->assign_by_ref('dbport', $dbport);
$cms->theme->assign_by_ref('dbname', $dbname);
$cms->theme->assign_by_ref('dbuser', $dbuser);
$cms->theme->assign_by_ref('dbpass', $dbpass);
$cms->theme->assign_by_ref('dbtblprefix', $dbtblprefix);
// 'is_windows' is true when PHP_OS starts with "WIN" (case-insensitive).
$cms->theme->assign(array('step' => $s, 'db_connected' => $db->connected, 'is_windows' => strtoupper(substr(PHP_OS, 0, 3)) == 'WIN'));
// allow custom code to handle our current progress/event
コード例 #7
ファイル: index.php プロジェクト: Nerus87/PsychoStats
        $search = '';
    }
}
// determine the total players found
// 'all' is taken with allowall=1; the ranked and absolute totals come from the
// search results when there are any, otherwise from a second count.
$total['all'] = $ps->get_total_players(array('allowall' => 1));
if ($results) {
    $total['ranked'] = $results['result_total'];
    $total['absolute'] = $results['abs_total'];
} else {
    $total['ranked'] = $ps->get_total_players(array('allowall' => 0));
    $total['absolute'] = $total['all'];
}
// auto-redirect to the exact player matched in the search
// if a single player was found.
// The is_numeric() check ensures that only a numeric id is placed in the redirect URL.
if ($search and $results['abs_total'] == 1 and is_numeric($results['results'])) {
    gotopage(ps_url_wrapper(array('_amp' => '&', '_base' => 'player.php', 'id' => $results['results'])));
}
// fetch stats, etc...
// NOTE(review): $sort, $order, $start and $limit are set outside this excerpt;
// presumably request values - confirm they are validated before get_player_list()
// uses them.
$players = $ps->get_player_list(array('results' => $results, 'sort' => $sort, 'order' => $order, 'start' => $start, 'limit' => $limit, 'joinclaninfo' => false));
// Pager links keep the current sort settings and whichever of search / q is active.
$baseurl = array('sort' => $sort, 'order' => $order, 'limit' => $limit);
if ($search) {
    $baseurl['search'] = $search;
} else {
    if ($q != '') {
        $baseurl['q'] = $q;
    }
}
$pager = pagination(array('baseurl' => ps_url_wrapper($baseurl), 'total' => $total['ranked'], 'start' => $start, 'perpage' => $limit, 'pergroup' => 5, 'separator' => ' ', 'force_prev_next' => true, 'next' => $cms->trans("Next"), 'prev' => $cms->trans("Previous")));
// build a dynamic table that plugins can use to add custom columns of data
$table = $cms->new_table($players);
$table->if_no_data($cms->trans("No Players Found"));
コード例 #8
ファイル: functions.php プロジェクト: Nerus87/PsychoStats
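/**
 * Redirect to the page named by the request's 'ref' parameter, or to $alt.
 *
 * 'ref' is request input, so it is followed only when it is a site-local
 * reference. Absolute URLs, protocol-relative URLs ("//host/...") and values
 * containing control characters or backslashes are ignored and $alt is used
 * instead. This keeps the redirect on this site and keeps CR/LF out of the
 * redirect target.
 *
 * @param string|null $alt Fallback target; defaults to 'index.php'.
 */
function previouspage($alt = NULL)
{
    if ($alt == NULL) {
        $alt = 'index.php';
    }
    // isset() avoids an undefined-index notice when no 'ref' was sent, and the
    // is_string() test drops array-valued parameters (ref[]=...).
    $ref = (isset($_REQUEST['ref']) && is_string($_REQUEST['ref'])) ? $_REQUEST['ref'] : '';
    $is_local = $ref
        // no control characters (including CR/LF) and no backslashes
        && !preg_match('/[\x00-\x1f\x7f\\\\]/', $ref)
        // no URL scheme ("http:", "javascript:", ...) and no protocol-relative form
        && !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $ref);
    if ($is_local) {
        // jump to previous page, if specified
        gotopage($ref);
    } else {
        gotopage($alt);
    }
}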
コード例 #9
ファイル: login.php プロジェクト: mrpiggypigpig/CMS
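     // Look the account up by username or e-mail. The submitted value is escaped with
     // real_escape_string() and passed twice to sprintf().
     // NOTE(review): the first placeholder appears masked ('******') in this listing;
     // since sprintf() receives two arguments it was presumably '%s' - confirm against
     // the real file. The statement is built as a string, so its safety rests on the
     // escaping and on the connection charset; a prepared statement would remove that
     // dependency.
     $query = sprintf("SELECT id,perm,username,email,password FROM users WHERE username = '******' OR email = '%s'", $conn->real_escape_string($username), $conn->real_escape_string($username));
     $result = $conn->query($query);
     if ($result->num_rows === 0) {
         // Unknown account: reported with the same "invalid" error as a wrong
         // password, so the response does not reveal which accounts exist.
         check_cond(true, "invalid");
         $formattedError .= $errorMappings["invalid"] . "\n";
     } else {
         $data = $result->fetch_assoc();
         if (password_verify($password, $data['password'])) {
             // Issue a fresh session id at the moment privileges change, so a session
             // id that was set before login does not carry the authenticated state.
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $_SESSION['auth'] = $data['perm'];
             $_SESSION['uid'] = $data['id'];
             $_SESSION['un'] = $data['username'];
             $_SESSION['email'] = $data['email'];
             if ($useJSON) {
                 echo json_encode(["success" => true, "redirect" => "/"]);
             } else {
                 gotopage("/");
             }
             exit;
         } else {
             // NOTE(review): check_cond() is called with false here and true in the
             // unknown-account branch; its semantics are not visible - confirm both
             // calls record the failure as intended.
             check_cond(false, "invalid");
             $formattedError .= $errorMappings["invalid"] . "\n";
         }
     }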
 }
 if ($useJSON) {
     $mapped = array_filter($errorMappings, function ($key) {
         global $error;
         return in_array($key, $error) && !$error[$key];
     }, ARRAY_FILTER_USE_KEY);
     foreach ($mapped as $key => $value) {
         switch (substr($key, 0, -1)) {
コード例 #10
ファイル: editplr.php プロジェクト: Nerus87/PsychoStats
// check privileges to edit this player
// The authorization check comes first; on failure an error page is shown and
// the script stops.
if (!ps_user_can_edit_player($plr)) {
    $data = array('message' => $cms->trans("Insufficient privileges to edit player!"));
    $cms->full_page_err(basename(__FILE__, '.php'), $data);
    exit;
}
// delete it, if asked to
/* we don't want normal users deleting themselves ... */
// Deletion is limited to admins and requires $id to match the loaded player.
// NOTE(review): $del and $id are set outside this excerpt, presumably from the
// request. No anti-CSRF token check on this destructive action is visible in
// the lines shown - confirm one exists earlier in the file.
if ($cms->user->is_admin() and $del and $id and $plr['plrid'] == $id) {
    if (!$ps->delete_player($id)) {
        // NOTE(review): the raw database error string is shown to the user, and it
        // is concatenated inside the trans() argument, so the translation lookup
        // receives text that changes with every error.
        $data = array('message' => $cms->trans("Error deleting player: " . $ps->db->errstr));
        $cms->full_page_err(basename(__FILE__, '.php'), $data);
        exit;
    }
    // don't use previouspage, since chances are the player.php is the referrer and will no longer be valid.
    gotopage(ps_url_wrapper(array('_amp' => '&', '_base' => 'index.php')));
}
/**/
// create the form variables
// Every field gets the 'trim' modifier by default; 'plrname' additionally takes
// the 'blank' validator.
$form = $cms->new_form();
$form->default_modifier('trim');
$form->field('plrname', 'blank');
// 'plrname' is used instead of 'name' to avoid conflicts with some software (nuke)
// NOTE(review): the fields below are registered without a validator in this
// excerpt; 'website', 'icon' and 'logo' presumably end up in links or image
// references, so confirm they are validated or escaped where they are rendered.
$form->field('email');
$form->field('aim');
$form->field('icq');
$form->field('msn');
$form->field('website');
$form->field('icon');
$form->field('cc');
$form->field('logo');
コード例 #11
ファイル: login.php プロジェクト: Nerus87/PsychoStats
 *	along with PsychoStats.  If not, see <http://www.gnu.org/licenses/>.
 *
 *	Version: $Id: login.php 389 2008-04-18 15:04:10Z lifo $
 */
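// Admin login page: sets the page markers, handles cancel / already-logged-in,
// then declares the login form.
// NOTE(review): PSYCHOSTATS_LOGIN_PAGE presumably tells the shared admin include
// not to redirect this page to itself - confirm in ./common.php.
define("PSYCHOSTATS_PAGE", true);
define("PSYCHOSTATS_ADMIN_PAGE", true);
define("PSYCHOSTATS_LOGIN_PAGE", true);
include "../includes/common.php";
include "./common.php";
$cms->theme->assign('page', basename(__FILE__, '.php'));
// XSS fix (thanks to JS2007): HTML-escape 'ref' before it can be echoed back.
// ENT_QUOTES is passed explicitly because older PHP versions leave single quotes
// unescaped by default. A missing or non-string 'ref' becomes ''.
// This rewrites $_GET only. PHP fills $_REQUEST separately at request start, so
// code that reads $_REQUEST['ref'] still sees the raw value; the escaping covers
// HTML output and does not validate 'ref' as a redirect target.
$_GET['ref'] = (isset($_GET['ref']) && is_string($_GET['ref'])) ? htmlspecialchars($_GET['ref'], ENT_QUOTES) : '';
// Only these request fields are handed to assign_request_vars().
// NOTE(review): the `true` flag presumably also creates $submit, $cancel and
// $ref as globals, which are used below - confirm.
$validfields = array('submit', 'cancel', 'ref');
$cms->theme->assign_request_vars($validfields, true);
if ($cancel) {
    gotopage("../index.php");
} elseif ($cms->user->admin_logged_in()) {
    // Already authenticated: return to the referring page, or to index.php when
    // none was given.
    previouspage('index.php');
}
// A single message is prepared for both an unknown user and a wrong password.
$bad_pw_error = $cms->trans('Invalid username or password');
$form = $cms->new_form();
$form->default_modifier('trim');
$form->default_validator('blank', $cms->trans("This field can not be blank"));
// NOTE(review): 'user_exists' is a validator on the username field; confirm that
// its error text does not reveal whether an account exists.
$form->field('username', 'user_exists');
$form->field('password');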
if ($submit) {
    $form->validate();
    $input = $form->values();
    $valid = !$form->has_errors();
    // protect against CSRF attacks
    if ($ps->conf['main']['security']['csrf_protection']) {