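/**
 * Finish a challenge/response login.
 *
 * The nonce issued earlier in the flow is read from $_SESSION['pwhash'] and
 * cleared first, so a given challenge can be answered only once. $pw_hash
 * must equal md5($pw . nonce); the user row is then looked up by comparing
 * $username and $pw against md5() digests computed in SQL, and on a match the
 * user id is stored in $_SESSION['userid'].
 *
 * NOTE: the scheme rests on unsalted md5 in the database. It is kept because
 * the stored credentials require it; password_hash()/password_verify() is the
 * replacement to plan for.
 *
 * @param string $username md5 hex digest of name . nonce
 * @param string $pw       md5 hex digest the password column is compared against
 * @param string $pw_hash  md5 hex digest of $pw . nonce
 * @return bool true when the user was found and the session updated
 */
function check_login($username,$pw,$pw_hash)
{
	// Consume the one-time nonce before anything else so a repeated response
	// cannot succeed. Without a nonce there is no challenge to verify.
	$hash = isset($_SESSION['pwhash']) ? (string) $_SESSION['pwhash'] : '';
	$_SESSION['pwhash']="";
	if ($hash === '') {
		return false;
	}
	// Request values may arrive as arrays; md5()/hash_equals() need strings.
	if (!is_string($username) || !is_string($pw) || !is_string($pw_hash)) {
		return false;
	}
	// check if $pw is ok -- hash_equals() rather than != because PHP compares
	// numeric-looking digests ("0e...") as numbers under loose comparison.
	if (!hash_equals(md5($pw.$hash), $pw_hash)) {
		return false;
	}
	// Both values are matched against md5() output in SQL, so anything that is
	// not a 32-character hex digest cannot match; reject it here instead of
	// interpolating it into the query.
	if (!preg_match('/^[0-9a-f]{32}$/i', $username) || !preg_match('/^[0-9a-f]{32}$/i', $pw)) {
		return false;
	}
	// NOTE(review): $hash is interpolated as well; this assumes the nonce kept in
	// the session is server-generated and free of quotes -- confirm where it is issued.
	// The original compared against md5(concat(password,'$has')) with $has undefined,
	// i.e. md5(password). That is kept so the existing client protocol keeps working;
	// if password . nonce was intended, this should be '$hash' too.
	$nid=getsql("select id from user where md5(concat(name,'$hash'))='$username' and md5(concat(password,''))='$pw'");
	// getsql() may hand back null/false/'' when there is no row; all of those are "no user".
	if ((string) $nid !== '')
	{
		$_SESSION['userid']=$nid;
		return true;
	}
	return false;
}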
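 /**
  * Load the `users` row for a user.
  *
  * @param int $_id user id; 0 (the default) means "the logged-in user"
  * @return object|null the row from fetch_object(), or null when nobody is
  *                     logged in and no id was given (or the query failed)
  */
 function user_info($_id = 0)
 {
     // The id is concatenated into SQL below, so only an integer may reach it.
     $id = (int) $_id;
     $sessionId = isset($_SESSION['id']) ? (int) $_SESSION['id'] : 0;
     if ($id == 0 && is_authed()) {
         $id = $sessionId;
     }
     if (!is_authed() && $id == 0) {
         return null;
     }
     $uinfq = getsql()->query("SELECT * FROM `users` WHERE `id`=" . $id);
     if ($uinfq === false) {
         return null;
     }
     // Make sure to destroy our session if this user doesn't exist anymore.
     // exit after the redirect: otherwise the caller keeps rendering the page
     // for a user that no longer exists.
     if ($uinfq->num_rows == 0 && $id == $sessionId) {
         header("Location: /logout?accdel");
         exit;
     }
     return $uinfq->fetch_object();
 }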
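 /**
  * Print the WAD listing as an HTML <table>, newest upload first.
  *
  * Each row shows the file (linked under /wads/), its size on disk, the
  * uploader's name, the upload time and a link that reveals the MD5.
  * Logged-in users get a delete link on their own uploads; users with
  * userlevel >= UL_ADMINISTRATOR get delete on every row plus a ban/unban
  * link driven by the `wadbans` table.
  *
  * @param int $limit maximum number of rows; 0 (the default) lists every WAD
  * @return void everything is echoed
  */
 function display_wad_table($limit = 0)
 {
     echo "\n<table>\n\t<tr>\n\t\t<th></th>\n\t\t<th>File</th>\n\t\t<th>Size</th>\n\t\t<th>Uploaded by</th>\n\t\t<th>Date and time</th>\n\t\t<th>MD5</th>\n\t</tr>\n";
     $db = getsql();
     // $limit is interpolated into SQL, so only an integer may get there.
     $limit = (int) $limit;
     $limitstring = '';
     if ($limit > 0) {
         $limitstring = " LIMIT {$limit}";
     }
     $q = $db->query("SELECT * FROM `wads` ORDER BY `time` DESC {$limitstring}");
     if ($q === false || $q->num_rows < 1) {
         echo "\n<div id='serversbox'>\n\t<div style='width: 100%; text-align: center'>\n\t\tThere are no WADs uploaded yet.\n\t\t";
         if (is_authed()) {
             echo "\n\t\t<br />\n\t\tFeel free to upload one from the main WADs page.\n\t\t";
         }
         echo "\n\t</div>\n</div>\n\t\t\t\t\t";
     } else {
         // Resolve the viewer's rights once instead of calling user_info() per row.
         $sessionId = isset($_SESSION['id']) ? $_SESSION['id'] : null;
         $viewer = is_authed() ? user_info() : null;
         $isAdmin = is_object($viewer) && $viewer->userlevel >= UL_ADMINISTRATOR;
         while ($o = $q->fetch_object()) {
             $id = (int) $o->id;
             $path = disciple_json()->serverdata . '/wads/' . $o->filename;
             // filesize() warns on a missing file; show n/a instead.
             $size = is_file($path) ? human_filesize(filesize($path)) : 'n/a';
             $filename = $o->filename;
             $uploader = $o->uploader;
             $uploaderInfo = user_info($uploader);
             $uploader_name = is_object($uploaderInfo) ? $uploaderInfo->username : '';
             $time = date('Y-m-d \\a\\t H:i:s', $o->time);
             // Database values go into HTML text and attributes: escape them first.
             $filenameHtml = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');
             $uploaderHtml = htmlspecialchars($uploader_name, ENT_QUOTES, 'UTF-8');
             echo "\n<tr id='wadrow-{$id}'>\n\t<td>\n";
             if (is_authed()) {
                 if ($isAdmin || $uploader == $sessionId) {
                     echo "<a href='javascript:deleteWad({$id});' title='Delete'><i class='material-icons'>delete</i></a>";
                 }
                 if ($isAdmin) {
                     // The md5 column is interpolated into SQL; escape it like the other handles on this site do.
                     $md5Sql = $db->real_escape_string($o->md5);
                     if ($db->query("SELECT * FROM `wadbans` WHERE `md5`='" . $md5Sql . "'")->num_rows == 0) {
                         echo "<a href='javascript:banWad({$id});' title='Ban'><i class='material-icons'>not_interested</i></a>";
                     } else {
                         echo "<a href='javascript:unbanWad({$id});' title='Unban'><i class='material-icons'>done</i></a>";
                     }
                 }
             }
             echo "\n</td>\n<td><a href='/wads/{$filenameHtml}'>{$filenameHtml}</a></td>\n<td>{$size}</td>\n<td>{$uploaderHtml}</td>\n<td>{$time}</td>\n<td id='wadmd5-{$id}'><a href='javascript:wadMd5({$id});'>Show</a></td>\n</tr>\n";
         }
     }
     // The table was opened unconditionally above, so close it on both paths.
     echo "</table>";
 }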
} elseif ($call == 'search') {
    $s = api_checkarg_post('q');
    $db = getsql();
    $q = $db->query(sprintf("SELECT id,filename FROM wads WHERE filename LIKE '%%%s%%'", $db->real_escape_string($s)));
    if ($q->num_rows < 1) {
        echo '[]';
        exit;
    }
    $out = array();
    while ($o = $q->fetch_object()) {
        array_push($out, array('id' => intval($o->id), 'plain' => $o->filename, 'html' => str_replace($s, "<span class='ul'>{$s}</span>", $o->filename)));
    }
    Header("Content-Type: text/json");
    echo json_encode($out);
} elseif ($call == 'info') {
    $id = intval(api_checkarg_post('id'));
    $db = getsql();
    if ($id == 0) {
        api_error(SN_API_CALL_BAD_PARAMETER, 'id is not a number');
    }
    $q = $db->query(sprintf("SELECT id,filename,md5 FROM wads WHERE id=%d", $id));
    if ($q->num_rows < 1) {
        api_error(SN_API_CALL_BAD_PARAMETER, 'id is not a valid WAD id');
    }
    $o = $q->fetch_object();
    if (user_info()->userlevel < UL_ADMINISTRATOR && $o->owner != $_SESSION['id']) {
        api_error(SN_FORBIDDEN, 'You do not have access to this operation.');
    }
    Header("Content-Type: text/json");
    echo json_encode(array('id' => intval($o->id), 'filename' => $o->filename, 'md5' => $o->md5));
}
 /**
  * Return the saved-server entries belonging to one user.
  *
  * Reads every `savedservers` row whose owner is $uid and decodes its `json`
  * column with json_decode() (default mode, so objects), keeping query order.
  *
  * @param int|string $uid owner id; formatted with %d so it reaches SQL as an integer
  * @return array decoded `json` values, one per row
  */
 public static function get_user_saves($uid)
 {
     $db = getsql();
     $sql = sprintf("SELECT * FROM `savedservers` WHERE owner='%d'", $db->real_escape_string($uid));
     $result = $db->query($sql);
     $saves = array();
     for (;;) {
         $row = $result->fetch_object();
         if (!$row) {
             break;
         }
         $saves[] = json_decode($row->json);
     }
     return $saves;
 }
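/**
 * Insert a new Part whose parent is the Part named by the "Part" request input.
 *
 * The parent id is looked up first (getsql() returns its `id` column); the
 * insert then stores $name with that id as parentID.
 *
 * @param string $name name of the new part
 * @return void
 */
function newPart($name)
{
	global $db;
	// The parent id comes straight from the request; only an integer may reach the query.
	$parent = (int) getInput("Part");
	$id=getsql("select id from Part where id=".$parent,"id");

	// NOTE(review): assumes $db is a mysqli handle (it exposes query() here); if
	// another driver is in use, substitute that driver's quoting.
	$safeName = $db->real_escape_string($name);
	$safeId = $db->real_escape_string((string) $id);
	$db->query("insert into Part (name,parentID) values ('$safeName','$safeId');");
}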
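/**
 * Execute the statements of the install SQL script one by one.
 *
 * The script text comes from getsql(); every `yxb_` table prefix is replaced
 * by $db_prefix, CR is normalised to LF, lines starting with `#` are dropped,
 * and the remaining text is split into statements on ";\n". CREATE statements
 * are passed through createtable() (which applies $dbcharset) and a progress
 * line is echoed for each; everything else is executed as-is.
 *
 * @param string      $sqlfile   currently ignored: the script is fixed to install.sql
 *                               (kept for existing callers; see the note below)
 * @param object      $DB        database handle exposing query()
 * @param string      $db_prefix table prefix substituted for `yxb_`
 * @param int|string  $tablenum  starting value of the created-table counter
 * @param string|null $dbcharset charset handed to createtable()
 * @return int number of tables created, counted up from $tablenum
 */
function runquery($sqlfile, $DB, $db_prefix, $tablenum = '0', $dbcharset = null)
{
    // NOTE(review): the argument is overwritten here, so $sqlfile is dead. If
    // callers are meant to choose the script, drop this assignment.
    $sqlfile = "install.sql";
    $sql = getsql($sqlfile);
    // Replace the table prefix (the leading space is kept from the original),
    // then normalise CR to LF so the splits below see a single line ending.
    $sql = str_replace("\r", "\n", str_replace('yxb_', ' ' . $db_prefix, $sql));

    // Split on ";\n" into statements; inside each, concatenate the lines while
    // dropping blank lines and "#" comments.
    $ret = array();
    foreach (explode(";\n", trim($sql)) as $statement) {
        $kept = '';
        foreach (explode("\n", trim($statement)) as $line) {
            if ($line !== '' && $line[0] !== '#') {
                $kept .= $line;
            }
        }
        $ret[] = $kept;
    }
    unset($sql);

    $tablenum = (int) $tablenum;
    foreach ($ret as $query) {
        $query = trim($query);
        if (!$query) {
            continue;
        }
        if (substr($query, 0, 6) == 'CREATE') {
            // The identifier right after CREATE TABLE is used as the table name in the progress line.
            $name = preg_replace("/CREATE TABLE ([a-z0-9_]+) .*/is", "\\1", $query);
            echo '<font color="#0f0dEE"></font>创建表 ' . $name . ' .................................................................................................................................................................... <font color="#0000EE">成功</font><br />';
            $DB->query(createtable($query, $dbcharset));
            $tablenum++;
        } else {
            // Anything that is not a CREATE TABLE statement runs unchanged.
            $DB->query($query);
        }
    }
    return $tablenum;
}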
/**
 * Build the SQL text for a query with getsql() and hand it to dd().
 *
 * @param \yii\db\Query          $select query to render
 * @param \yii\db\Connection|null $db    connection passed through to getsql()
 */
function ddsql(\yii\db\Query $select, $db = null)
{
    $sql = getsql($select, $db);
    dd($sql);
}