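<?php
/*
 * CloudLevels, an easy way to share user created level files for video games.
 * Copyright (C) 2016 Alexander Aquino
 *
 * This program is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program. If not, see <http://www.gnu.org/licenses/>.
 */

//CloudLevels Logout Page

//Header + Vars:
$page_title = 'Log Out';
include 'header.php';

//Destroy Session
// session_destroy() only discards the server-side session data. The session
// cookie and the $_SESSION array of the current request survive it, so both
// are cleared explicitly before the session is destroyed.
$_SESSION = array();
// NOTE(review): header.php runs first; if it has already produced output, the
// cookie cannot be expired here and the Refresh header below cannot be sent
// either - confirm that output buffering is active.
if (ini_get('session.use_cookies') && !headers_sent()) {
    $cl_cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cl_cookie['path'],
        $cl_cookie['domain'],
        $cl_cookie['secure'],
        $cl_cookie['httponly']
    );
}
session_destroy();

//Refresh
header("Refresh:2;url=index.php");

//Message
successbox('You have been logged out.');

//Footer
include 'footer.php';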
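// Only visitors with $user_type == -1 may use the login form.
// NOTE(review): presumably -1 marks a visitor who is not logged in - confirm
// where $user_type is assigned.
if ($user_type != -1) {
    errorbox('You do not have permission to view this page.');
    include 'footer.php';
    exit(0);
}

//When there is input data
if (!empty($_POST["username"])) {
    //Look the account up and verify the submitted password against its hash
    try {
        // Request fields can arrive as arrays; anything that is not a string
        // is treated as an empty value and fails the login below.
        $cl_username = is_string($_POST["username"]) ? $_POST["username"] : '';
        $cl_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';

        $stmt = $db->prepare("\n\t\t\tSELECT id, username, password\n\t\t\tFROM cl_user\n\t\t\tWHERE username = ?");
        $stmt->execute(array($cl_username));
        $result = $stmt->fetchAll();

        // An unknown username yields no row; do not index into an empty result.
        $passhash = isset($result[0]['password']) ? $result[0]['password'] : null;

        //Compare password hash
        // password_verify() accepts hashes produced by crypt() and compares in
        // constant time, unlike the loose == comparison of two hash strings.
        if (is_string($passhash) && password_verify($cl_password, $passhash)) {
            // Issue a fresh session id on login so an id that was known before
            // authentication cannot be reused afterwards (session fixation).
            // Skipped when headers are already out, because the new cookie
            // could not be delivered.
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                session_regenerate_id(true);
            }
            successbox('Logging in. Please wait.');
            //Session set
            $_SESSION['uid'] = $result[0]['id'];
            //Refresh
            header("Refresh:2;url=index.php");
        } else {
            // Same message for an unknown user and a wrong password.
            errorbox('Invalid login information.');
        }
    } catch (PDOException $ex) {
        errorbox('Something happened.');
    }
} else {
?>
<br> <div class="container">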
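$stmt->execute(array($_POST["username"]));

//If user exists
// NOTE(review): this lookup is executed with the raw username, while the INSERT
// below stores the htmlspecialchars() form. The query text is outside this
// fragment; if it matches on the username column, names containing & < > "
// are checked under a different spelling than the one stored - confirm.
// NOTE(review): rowCount() after a SELECT is driver-dependent, and the
// check-then-insert sequence is not atomic; a UNIQUE index on the username
// column is the reliable guard against duplicates.
if ($stmt->rowCount() > 0) {
    errorbox('User already exists.');
} else {
    //Check if IP address exists
    $stmt = $db->prepare("\n\t\t\t\t\tSELECT *\n\t\t\t\t\tFROM cl_user\n\t\t\t\t\tWHERE ip = ?");
    $stmt->execute(array($_SERVER['REMOTE_ADDR']));

    //If IP address exists
    if ($stmt->rowCount() > 0) {
        errorbox('You are only allowed to have one account.');
    } else {
        date_default_timezone_set('America/New_York');
        $stmt = $db->prepare("\n\t\t\t\t\t\tINSERT INTO cl_user(username, password, date, ip)\n\t\t\t\t\t\tVALUES(?,?,?,?)");
        // crypt() without a salt produces a weak hash and is rejected outright
        // by PHP 8, where the salt argument is mandatory. password_hash()
        // picks a strong algorithm and a random salt; its output still
        // verifies with crypt($password, $hash) as well as password_verify().
        // NOTE(review): the password column must hold at least 60 characters
        // (255 leaves room for future algorithms) - confirm the schema.
        $stmt->execute(array(
            htmlspecialchars($_POST["username"]),
            password_hash($_POST["password"], PASSWORD_DEFAULT),
            date("F j, Y"),
            $_SERVER['REMOTE_ADDR'],
        ));
        successbox('Your account has been created. Please log in.');
    }
}
} catch (PDOException $ex) {
    $db->rollBack();
    errorbox('Account could not be created. Hit the back button and try again.');
}
}
}
} else {
?>
<br> <div class="container"> <div class="row card hoverable"> <span class="col s12 card-title <?php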
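//Increment upload count
$stmt = $db->prepare("\n\t\t\tUPDATE cl_user\n\t\t\tSET uploads = uploads+1\n\t\t\tWHERE id = ?");
$stmt->execute(array($_SESSION['uid']));

//End
$db->commit();
} catch (PDOException $ex) {
    $db->rollBack();
    errorbox('Upload failed. Please try again later.');
    include 'footer.php';
    exit(0);
}

//Actually upload the files
// The stored names are built from $last_id and a fixed extension, so no part of
// the client-supplied file name reaches the filesystem path.
// NOTE(review): validation of the uploaded content is not visible in this
// fragment - confirm it happens before this point.
$cl_zip_path = "data/" . $last_id . ".zip";
$cl_png_path = "data/" . $last_id . ".png";
$cl_zip_ok = move_uploaded_file($_FILES["file"]["tmp_name"], $cl_zip_path);
$cl_png_ok = move_uploaded_file($_FILES["screenshot"]["tmp_name"], $cl_png_path);

// move_uploaded_file() returns false when the source is not a genuine upload or
// the move fails; do not report success in that case.
if (!$cl_zip_ok || !$cl_png_ok) {
    // Remove whichever half did get stored so no partial upload is left behind.
    if ($cl_zip_ok && is_file($cl_zip_path)) {
        unlink($cl_zip_path);
    }
    if ($cl_png_ok && is_file($cl_png_path)) {
        unlink($cl_png_path);
    }
    // NOTE(review): the database changes were committed above, so the record
    // for $last_id now has no files. Moving the files before the commit, or
    // deleting the row here, would keep the two in step.
    errorbox('Upload failed. Please try again later.');
    include 'footer.php';
    exit(0);
}

//Success!
successbox('File uploaded. Please wait.');

//Refresh
header("Refresh:2;url=file.php?id=" . $last_id);
} else {
?>
<br> <div class="container"> <div class="row card hoverable"> <span class="col s12 card-title <?php echo $theme; ?> white-text center" style="font-size: 200%;">Upload File</span> <form action="upload.php" method="post" enctype="multipart/form-data" class="col s12 m10 l8 offset-m1 offset-l2"> <div class="file-field input-field"> <div class="btn <?php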
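try {
    // Request fields can arrive as arrays or be missing; only strings are
    // accepted as passwords.
    $cl_new_password = (isset($_POST["password_new"]) && is_string($_POST["password_new"])) ? $_POST["password_new"] : null;
    $cl_confirm_password = isset($_POST["password_confirm"]) ? $_POST["password_confirm"] : null;
    $cl_old_password = (isset($_POST["password_old"]) && is_string($_POST["password_old"])) ? $_POST["password_old"] : null;

    //Check password
    // Strict comparison: with != two different numeric-looking strings such as
    // "0e1" and "0e2" compare as equal and would pass the confirmation check.
    if ($cl_new_password === null || $cl_confirm_password !== $cl_new_password) {
        errorbox('New password and confirm password mismatch.');
    } else {
        //Fetch the stored hash of the current user
        $stmt = $db->prepare("\n\t\t\t\tSELECT username, password\n\t\t\t\tFROM cl_user\n\t\t\t\tWHERE username = ?");
        $stmt->execute(array($user_name));
        $result = $stmt->fetchAll();

        // No row for $user_name: treat it like a wrong password instead of
        // indexing into an empty result.
        $passhash = isset($result[0]['password']) ? $result[0]['password'] : null;

        //Compare password hash
        // password_verify() accepts hashes produced by crypt() and compares in
        // constant time.
        if ($cl_old_password !== null && is_string($passhash) && password_verify($cl_old_password, $passhash)) {
            //Store the new hash
            $stmt = $db->prepare("\n\t\t\t\t\tUPDATE cl_user\n\t\t\t\t\tSET password = ?\n\t\t\t\t\tWHERE username = ?");
            // crypt() without a salt produces a weak hash and is rejected by
            // PHP 8, where the salt argument is mandatory. password_hash()
            // output still verifies with crypt($password, $hash).
            // NOTE(review): the password column must hold at least 60
            // characters - confirm the schema.
            $stmt->execute(array(password_hash($cl_new_password, PASSWORD_DEFAULT), $user_name));
            successbox('Your password has been changed.');
        } else {
            errorbox('Wrong password');
        }
    }
} catch (PDOException $ex) {
    errorbox('Something happened.');
}
}
?>
<br> <div class="container"> <div class="row card hoverable"> <span class="col s12 card-title <?php echo $theme;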
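//Modify members if specified
// NOTE(review): the permission check for this page is not visible in this
// fragment, and the change is triggered by GET parameters with no anti-CSRF
// token in sight - confirm both are handled before this point.
if (!empty($_GET["user"]) && is_string($_GET["user"])) {
    if ($_GET["user"] === (string) $user_name) {
        errorbox('You can not demote yourself!');
    } else {
        // The only user groups this page knows, with the message shown for each.
        $cl_group_messages = array(
            0 => " is now a regular member.",
            1 => " has been banned. Good bye!",
            2 => " is now an administrator.",
        );
        $cl_update = (isset($_GET["update"]) && is_string($_GET["update"])) ? $_GET["update"] : '';

        // Previously any value of "update" was written to the usergroup column;
        // only the three known groups are accepted now.
        if (!in_array($cl_update, array('0', '1', '2'), true)) {
            errorbox('Invalid user group.');
        } else {
            //SQL Stuff
            $stmt = $db->prepare("\n\t\t\t\tUPDATE cl_user\n\t\t\t\tSET usergroup = ?\n\t\t\t\tWHERE username = ?");
            $stmt->execute(array((int) $cl_update, $_GET["user"]));

            // The user name comes straight from the query string, so it is
            // encoded before being placed in the message. double_encode is off
            // so entities that are already encoded are not encoded twice.
            // NOTE(review): assumes successbox() prints its argument as HTML
            // on a UTF-8 page - confirm.
            successbox(
                htmlspecialchars($_GET["user"], ENT_QUOTES, 'UTF-8', false)
                . $cl_group_messages[(int) $cl_update]
            );
        }
    }
}

//Get Member data
// Both SQL fragments are fixed strings chosen here; request values only select
// between them and never reach the query text.
$append = 'id';
$append2 = '';
if (!empty($_GET["sort"]) && $_GET["sort"] === 'uploaded') {
    $append = 'uploads';
}
if (!empty($_GET["username"])) {
    $append2 = 'WHERE username = ?';
}
// NOTE(review): page_sql_calc() is defined elsewhere and its result is
// concatenated into the statement - confirm it returns only server-built SQL.
$stmt = $db->prepare("\n\t\tSELECT SQL_CALC_FOUND_ROWS *\n\t\tFROM cl_user\n\t\t" . $append2 . "\n\t\tORDER BY " . $append . " DESC\n\t\t" . page_sql_calc(25));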
*/

//CloudLevels View All Comments

//Header + Vars:
$page_title = 'All Comments';
include 'header.php';

//Delete comments
// Runs only when $user_type is 2 and a comment id is given in the query string.
// NOTE(review): the deletion is triggered by a GET parameter and no anti-CSRF
// token is checked in this block.
if (!empty($_GET["deletecomment"]) && $user_type == 2) {
    $cl_deleted = false;
    try {
        $stmt = $db->prepare("\r\n\t\t\t\tDELETE FROM cl_comment\r\n\t\t\t\tWHERE id = ?");
        $stmt->execute(array($_GET["deletecomment"]));
        $cl_deleted = true;
    } catch (PDOException $ex) {
        errorbox('Something happened.');
    }

    if ($cl_deleted) {
        successbox('Comment deleted. Please wait.');
        header("Location:comments.php");
    }

    // Either way the page ends here.
    include 'footer.php';
    exit(0);
}

//Load one page of comments, newest first, together with the total row count
// NOTE(review): SELECT * over the join with cl_user copies every cl_user column
// into $comments; if that table holds password hashes they travel with each
// row - listing only the needed columns would avoid that.
$num_rows = 0;
$comments = null;
try {
    $cl_list_sql = "\r\n\t\tSELECT SQL_CALC_FOUND_ROWS *\r\n\t\tFROM cl_comment JOIN cl_user ON cl_comment.author=cl_user.id\r\n\t\tORDER BY cl_comment.id DESC\r\n\t\t" . page_sql_calc(10);
    $stmt = $db->prepare($cl_list_sql);
    $stmt->execute();
    $comments = $stmt->fetchAll();
    $num_rows = $db->query('SELECT FOUND_ROWS()')->fetchColumn();
} catch (PDOException $ex) {
    errorbox('Something happened.');
}
?>
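fwrite($configfile, "\$db_password='******';\n");
// NOTE(review): $db_database is written between quotes without any escaping;
// it presumably comes from the existing configuration rather than the request -
// confirm.
fwrite($configfile, "\$db_database='" . $db_database . "';\n");

//Write default configuration stuff
// The file being written is executable PHP, so every form value must end up as
// a valid string literal. var_export() produces exactly that. addslashes() also
// escapes double quotes, which a single-quoted literal keeps as a literal
// backslash, so any value containing " was stored with a stray backslash.
// Maps the configuration variable name to the form field it is read from.
$cl_config_fields = array(
    'site_name' => 'name',
    'site_desc' => 'description',
    'game_url' => 'download',
    'file_size_limit' => 'file_size',
    'tags' => 'tag_list',
    'theme' => 'theme',
    'reg_question' => 'reg_question',
    'reg_answer' => 'reg_answer',
);
foreach ($cl_config_fields as $cl_config_var => $cl_post_field) {
    // Missing or non-string fields (e.g. arrays) are stored as an empty string.
    $cl_config_value = (isset($_POST[$cl_post_field]) && is_string($_POST[$cl_post_field])) ? $_POST[$cl_post_field] : '';
    fwrite($configfile, '$' . $cl_config_var . '=' . var_export($cl_config_value, true) . ";\n");
}

//Close file
fwrite($configfile, "?>\n");
fclose($configfile);

//Message
successbox('Settings updated. Please wait.');

//Refresh
header("Refresh:2");
} else {
?>
<br> <div class="container"> <div class="row card hoverable"> <span class="col s12 card-title <?php echo $theme; ?> white-text center" style="font-size: 200%;">Administrator Control Panel</span> <form action="admin.php" method="post" class="col s12 m10 l8 offset-m1 offset-l2"> <div class="input-field col s12"> <i class="fa fa-commenting-o prefix" aria-hidden="true"></i>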