* PsychoStats is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* PsychoStats is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with PsychoStats. If not, see <http://www.gnu.org/licenses/>.
*
* Version: $Id: manage.php 389 2008-04-18 15:04:10Z lifo $
*/
define("PSYCHOSTATS_PAGE", true);
define("PSYCHOSTATS_ADMIN_PAGE", true);
include "../includes/common.php";
include "./common.php";

// This page is currently only a placeholder: hand the user off to the
// log-source management page straight away.
// NOTE(review): if gotopage() terminates the request (as a redirect helper
// normally does), nothing below this call is ever reached -- confirm.
gotopage('logsources.php');

// Page name (file name without extension) doubles as the template name.
$page_name = basename(__FILE__, '.php');

$cms->crumb('Manage', ps_url_wrapper($_SERVER['REQUEST_URI']));

// assign variables to the theme
$cms->theme->assign(array('page' => $page_name));

// display the output
$cms->theme->add_css('css/2column.css');
$cms->theme->add_css('css/forms.css');
$cms->full_page($page_name, $page_name, $page_name . '_header', $page_name . '_footer', '');
$validfields = array('gametype', 'modtype', 'overwrite', 'dropdb');
$cms->theme->assign_request_vars($validfields, true);

// Supported game types and mod types (key => display label).
$gametypes = array(
    'cod'      => "Call of Duty",
    'halflife' => "Half-Life",
    'soldat'   => "Soldat",
);
$modtypes = array(
    'cstrike' => "Counter Strike",
    'dod'     => "Day of Defeat",
    'hldm'    => "Deathmatch (valve)",
    'gungame' => "Gungame",
    'natural' => "Natural Selection",
    'tf2'     => "Team Fortress 2",
);
// Which mod types each game type accepts; an empty list means "no mods".
$gamesupport = array(
    'halflife' => array('cstrike', 'dod', 'gungame', 'hldm', 'natural', 'tf2'),
    'cod'      => array(),
    'soldat'   => array(),
);

// make DB connection
// NOTE(review): load_db_opts() restores the DB credentials (including the
// password) from install-session state that is not visible here; confirm
// where they live and that they are not persisted client-side in the clear.
load_db_opts();
$db->config(array(
    'dbhost'      => $dbhost,
    'dbport'      => $dbport,
    'dbname'      => $dbname,
    'dbuser'      => $dbuser,
    'dbpass'      => $dbpass,
    'dbtblprefix' => $dbtblprefix,
));
$db->clear_errors();
$db->connect();

if (!$db->connected) {
    // Send the user back to the DB step, keeping the install key so the
    // session check in go.php still matches.
    $db_step_url = "go.php?s=db&re=1&install=" . urlencode($install);
    if ($ajax_request) {
        // An AJAX caller can not follow a Location header, so emit a JS
        // redirect instead. urlencode() output contains no quotes, so it is
        // safe inside the single-quoted JS string literal.
        print "<script type='text/javascript'>window.location = '" . $db_step_url . "';</script>";
        exit;
    }
    gotopage($db_step_url);
}

// State shared with the template by reference so later code can fill it in.
$allow_next = false;
$db_init    = false;
$errors     = array();
$actions    = array();
$schema     = array();
$defaults   = array();
$cms->theme->assign_by_ref('db_init', $db_init);
$cms->theme->assign_by_ref('errors', $errors);
$cms->theme->assign_by_ref('actions', $actions);

// no need to 'overwrite' if we are dropping the database entirely
if ($dropdb) {
    $overwrite = false;
}
*
* Version: $Id: common.php 539 2008-08-15 19:24:26Z lifo $
*/
if (!defined("PSYCHOSTATS_ADMIN_PAGE")) {
    die("Unauthorized access to " . basename(__FILE__));
}

// Web root of the PsychoStats install (parent directory of admin/).
$ps_root = dirname(dirname(__FILE__));

// ADMIN pages need to setup the theme a little differently than the others.
// The admin-specific options are merged last so they override the site config.
$opts = array_merge($ps->conf['theme'], array(
    'theme_default' => 'acp',
    'theme_opt'     => 'admin_theme',
    'force_theme'   => true,
    'in_db'         => false,
    'template_dir'  => dirname(__FILE__) . '/themes',
    'theme_url'     => 'themes',
    'compile_id'    => 'admin',
));

// At all costs the admin page should never break due to file permissions. If
// the compile directory is not writable we fallback to not saving compiled
// themes to disk which is slower. But shouldn't be a big problem since only a
// single person is usually accessing the admin page.
if ($opts['fetch_compile'] and !is_writable($opts['compile_dir'])) {
    $opts['fetch_compile'] = false;
}
$cms->init_theme('acp', $opts);
$ps->theme_setup($cms->theme);

$cms->crumb('Stats', dirname(dirname(SAFE_PHP_SELF)) . '/');
$cms->crumb('Admin', 'index.php');
$file = basename(PHP_SELF, '.php');

// Every admin page except the login page itself requires an admin session.
// NOTE(review): this relies on gotopage() terminating the request; if it only
// sends a Location header, the rest of the page still renders for anonymous
// users -- confirm. The '_ref' value is later followed by previouspage(), so
// that helper must only accept local paths.
if (!$cms->user->admin_logged_in() and !defined("PSYCHOSTATS_LOGIN_PAGE")) {
    gotopage(ps_url_wrapper(array(
        '_base' => dirname($_SERVER['SCRIPT_NAME']) . '/login.php',
        '_ref'  => $_SERVER['REQUEST_URI'],
    )));
}

// Set flag if the install directory (go script) is still readable by the
// webserver. Admins need to remove the install directory after installation.
if (is_readable(catfile($ps_root, 'install', 'go.php'))) {
    $cms->theme->assign(array(
        'install_dir_insecure' => true,
        'install_dir'          => catfile($ps_root, 'install'),
    ));
}
*/ define("PSYCHOSTATS_PAGE", true); define("PSYCHOSTATS_ADMIN_PAGE", true); include "../includes/common.php"; include "./common.php"; $cms->theme->assign('page', basename(__FILE__, '.php')); /* ct = conftype we're currently editing. Which can have multiple sections within it q = search query. if spcified, only conf variables that match will be displayed */ $validfields = array('submit', 'cancel', 'new', 'ct', 's', 'q', 'adv'); $cms->theme->assign_request_vars($validfields, true); $message = ''; $cms->theme->assign_by_ref('message', $message); if ($new) { gotopage(ps_url_wrapper(array('_amp' => '&', '_base' => 'var.php', 'ct' => $ct, 's' => $s))); } if ($cancel) { previouspage(ps_url_wrapper(array('_amp' => '&', '_base' => 'conf.php', 'ct' => $ct, 's' => $s))); } $where = ""; if ($q != '') { $_q = '%' . $ps->db->escape($q) . '%'; $where = "(var LIKE '{$_q}' OR label LIKE '{$_q}' OR help LIKE '{$_q}')"; } // get a list of conftype's available. Ignoring those that only have locked variables within them $list = $ps->db->fetch_rows(1, "SELECT conftype,section " . "FROM {$ps->t_config} " . "WHERE conftype <> 'info' AND locked <> 1 AND var IS NOT NULL " . ($where ? "AND {$where} " : "") . "GROUP BY conftype,section " . "HAVING COUNT(*) > 0 " . "ORDER BY conftype"); $sections = array(); foreach ($list as $c) { if (!$sections[$c['conftype']]) { $sections[$c['conftype']] = array();
if (!array_key_exists($install, $pending)) { $message = $cms->message('failure', array('message_title' => $cms->trans("Plugin Installation Error"), 'message' => $cms->trans("Invalid plugin was specified! Only plugins in the pending list can be installed."))); } else { // install the plugin! $err = ''; $ok = $cms->include_plugin_file($pending[$install]['fullfile'], $err); if ($ok and !$err) { // even if there was an error $ok can still be true // create an object for the plugin and load it. $plugin = $pending[$install]['base']; $obj = new $plugin(); if ($info = $obj->install($cms)) { // plugin successfully installed whatever it needed ... // now we install it in the database. if ($cms->install_plugin($plugin, $info)) { gotopage(ps_url_wrapper($PHP_SELF)); } else { $message = $cms->message('failure', array('message_title' => $cms->trans("Plugin Installation Error"), 'message' => $cms->trans("Error installing plugin:") . " " . $obj->errstr)); } } else { $message = $cms->message('failure', array('message_title' => $cms->trans("Plugin Installation Error"), 'message' => $obj->errstr ? $obj->errstr : $cms->trans("Plugin failed to install but did not give a reason why. Contact the plugin author for help."))); } } else { $message = $cms->message('failure', array('message_title' => $cms->trans("Plugin Installation Error"), 'message' => $cms->trans("Error loading plugin code!") . $err ? "<br/>\n{$err}" : '')); } } } $total = $ps->db->count($ps->t_plugins); $pager = pagination(array('baseurl' => ps_url_wrapper(array('sort' => $sort, 'order' => $order, 'limit' => $limit)), 'total' => $total, 'start' => $start, 'perpage' => $limit, 'pergroup' => 5, 'separator' => ' ', 'force_prev_next' => true, 'next' => $cms->trans("Next"), 'prev' => $cms->trans("Previous"))); $cms->crumb("Plugins", $PHP_SELF); // assign variables to the theme
if (!in_array($s, $allowed_steps)) { gotopage('index.php'); } } $allow_next = true; $ajax_request = !empty($a) ? true : false; // verify our install key still matches this session // if the install key from the form does not match what is in the option cookie // then we know the user either opened a second install page, or went back // to the install index, which destroyed the previous cookie (and the DB settings) if ($install != $opts['install']) { if ($ajax_request) { print "<script type='text/javascript'>window.location = 'index.php?re=1';</script>"; exit; } else { gotopage("index.php?re=1"); } } $pagename = basename(__FILE__, '.php'); $cms->theme->add_css('css/2column.css'); $cms->theme->add_js("js/go.js"); $cms->theme->add_js("js/go-{$s}.js"); $cms->theme->assign_by_ref('allow_next', $allow_next); $cms->theme->assign_by_ref('dbhost', $dbhost); $cms->theme->assign_by_ref('dbport', $dbport); $cms->theme->assign_by_ref('dbname', $dbname); $cms->theme->assign_by_ref('dbuser', $dbuser); $cms->theme->assign_by_ref('dbpass', $dbpass); $cms->theme->assign_by_ref('dbtblprefix', $dbtblprefix); $cms->theme->assign(array('step' => $s, 'db_connected' => $db->connected, 'is_windows' => strtoupper(substr(PHP_OS, 0, 3)) == 'WIN')); // allow custom code to handle our current progress/event
$search = ''; } } // determine the total players found $total['all'] = $ps->get_total_players(array('allowall' => 1)); if ($results) { $total['ranked'] = $results['result_total']; $total['absolute'] = $results['abs_total']; } else { $total['ranked'] = $ps->get_total_players(array('allowall' => 0)); $total['absolute'] = $total['all']; } // auto-redirect to the exact player matched in the search // if a single player was found. if ($search and $results['abs_total'] == 1 and is_numeric($results['results'])) { gotopage(ps_url_wrapper(array('_amp' => '&', '_base' => 'player.php', 'id' => $results['results']))); } // fetch stats, etc... $players = $ps->get_player_list(array('results' => $results, 'sort' => $sort, 'order' => $order, 'start' => $start, 'limit' => $limit, 'joinclaninfo' => false)); $baseurl = array('sort' => $sort, 'order' => $order, 'limit' => $limit); if ($search) { $baseurl['search'] = $search; } else { if ($q != '') { $baseurl['q'] = $q; } } $pager = pagination(array('baseurl' => ps_url_wrapper($baseurl), 'total' => $total['ranked'], 'start' => $start, 'perpage' => $limit, 'pergroup' => 5, 'separator' => ' ', 'force_prev_next' => true, 'next' => $cms->trans("Next"), 'prev' => $cms->trans("Previous"))); // build a dynamic table that plugins can use to add custom columns of data $table = $cms->new_table($players); $table->if_no_data($cms->trans("No Players Found"));
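/**
 * Redirect to the page the user came from, or to $alt when no usable
 * referrer was supplied.
 *
 * The referrer comes from the 'ref' request parameter, which is under the
 * client's control. Only a relative, same-site path is honoured so that this
 * helper cannot be turned into an open redirect to a third-party host;
 * anything else (absolute URLs, "//host", javascript:, header-splitting
 * characters) silently falls back to $alt.
 *
 * @param string|null $alt  fallback URL; defaults to 'index.php'
 */
function previouspage($alt = NULL) {
    if ($alt === null || $alt === '') {
        $alt = 'index.php';
    }
    // empty() keeps the original truthiness semantics (no ref, '' and '0'
    // all mean "no referrer") without raising a notice when it is unset.
    if (!empty($_REQUEST['ref']) && _ps_is_local_url($_REQUEST['ref'])) {
        gotopage($_REQUEST['ref']);	// jump to previous page, if specified
    } else {
        gotopage($alt);
    }
}

/**
 * True when $url is a plain path on this site, i.e. safe to use as a
 * redirect target: no scheme, no authority ("//host"), no backslashes and
 * no control characters.
 *
 * @param mixed $url  value taken from the request
 * @return bool
 */
function _ps_is_local_url($url) {
    if (!is_string($url)) {
        return false;
    }
    // CR/LF and other control characters could split the Location header
    // or confuse URL parsing; never forward them.
    if (preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return false;
    }
    // HTTP strips leading whitespace from header values, so judge the URL
    // the way the browser will actually see it.
    $url = ltrim($url, ' ');
    // Browsers treat '\' like '/', so "/\evil.example" would be read as a
    // protocol-relative "//evil.example" -- refuse backslashes outright.
    if (strpos($url, '\\') !== false) {
        return false;
    }
    // "scheme:" (http:, javascript:, data:, ...) or "//host" leaves the site.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $url) || substr($url, 0, 2) === '//') {
        return false;
    }
    // parse_url() should now see only path/query/fragment; belt and braces.
    $parts = parse_url($url);
    return $parts !== false && !isset($parts['scheme']) && !isset($parts['host']);
}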
$query = sprintf("SELECT id,perm,username,email,password FROM users WHERE username = '******' OR email = '%s'", $conn->real_escape_string($username), $conn->real_escape_string($username)); $result = $conn->query($query); if ($result->num_rows === 0) { check_cond(true, "invalid"); $formattedError .= $errorMappings["invalid"] . "\n"; } else { $data = $result->fetch_assoc(); if (password_verify($password, $data['password'])) { $_SESSION['auth'] = $data['perm']; $_SESSION['uid'] = $data['id']; $_SESSION['un'] = $data['username']; $_SESSION['email'] = $data['email']; if ($useJSON) { echo json_encode(["success" => true, "redirect" => "/"]); } else { gotopage("/"); } exit; } else { check_cond(false, "invalid"); $formattedError .= $errorMappings["invalid"] . "\n"; } } } if ($useJSON) { $mapped = array_filter($errorMappings, function ($key) { global $error; return in_array($key, $error) && !$error[$key]; }, ARRAY_FILTER_USE_KEY); foreach ($mapped as $key => $value) { switch (substr($key, 0, -1)) {
// Template name for error pages is the file name without its extension.
$page_name = basename(__FILE__, '.php');

// check privileges to edit this player
if (!ps_user_can_edit_player($plr)) {
    $data = array('message' => $cms->trans("Insufficient privileges to edit player!"));
    $cms->full_page_err($page_name, $data);
    exit;
}

// delete it, if asked to
/* we don't want normal users deleting themselves ... */
// NOTE(review): the delete is keyed off request variables ($del, $id); confirm
// upstream that it only runs on a POST carrying a valid CSRF token. The
// '$plr['plrid'] == $id' comparison is loose; its result for non-numeric
// strings differs between PHP versions.
if ($cms->user->is_admin() and $del and $id and $plr['plrid'] == $id) {
    if (!$ps->delete_player($id)) {
        $data = array('message' => $cms->trans("Error deleting player: " . $ps->db->errstr));
        $cms->full_page_err($page_name, $data);
        exit;
    }
    // don't use previouspage, since chances are the player.php is the referrer and will no longer be valid.
    gotopage(ps_url_wrapper(array('_amp' => '&', '_base' => 'index.php')));
}

// create the form variables
$form = $cms->new_form();
$form->default_modifier('trim');
// 'plrname' is used instead of 'name' to avoid conflicts with some software (nuke)
$form->field('plrname', 'blank');
// Remaining profile fields take the default validator.
$profile_fields = array('email', 'aim', 'icq', 'msn', 'website', 'icon', 'cc', 'logo');
foreach ($profile_fields as $field_name) {
    $form->field($field_name);
}
* along with PsychoStats. If not, see <http://www.gnu.org/licenses/>. * * Version: $Id: login.php 389 2008-04-18 15:04:10Z lifo $ */ define("PSYCHOSTATS_PAGE", true); define("PSYCHOSTATS_ADMIN_PAGE", true); define("PSYCHOSTATS_LOGIN_PAGE", true); include "../includes/common.php"; include "./common.php"; $cms->theme->assign('page', basename(__FILE__, '.php')); $_GET['ref'] = htmlspecialchars($_GET['ref']); //XSS Fix. Thanks to JS2007 $validfields = array('submit', 'cancel', 'ref'); $cms->theme->assign_request_vars($validfields, true); if ($cancel) { gotopage("../index.php"); } elseif ($cms->user->admin_logged_in()) { previouspage('index.php'); } $bad_pw_error = $cms->trans('Invalid username or password'); $form = $cms->new_form(); $form->default_modifier('trim'); $form->default_validator('blank', $cms->trans("This field can not be blank")); $form->field('username', 'user_exists'); $form->field('password'); if ($submit) { $form->validate(); $input = $form->values(); $valid = !$form->has_errors(); // protect against CSRF attacks if ($ps->conf['main']['security']['csrf_protection']) {