示例#1
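/**
 * Handles a POSTed request to remove a user account.
 *
 * Reads `user_remove` (the target username) and `user_remove_confirm` (the
 * confirmation flag) from $_POST. The row is deleted only when the
 * confirmation flag is present; without it the function returns success
 * with `removal_confirmed` set to false and leaves the database untouched.
 *
 * NOTE(review): no anti-CSRF token is verified in this function. If the
 * calling page does not verify one either, a logged-in administrator's
 * browser can be made to submit both POST fields in a single request.
 * Confirm against the caller.
 * NOTE(review): $result->user_name carries the raw POST value; any caller
 * that prints it must HTML-escape it first.
 *
 * @return UserRemoveResult success/error_message describe the outcome.
 */
function ProcessUserRemove()
{
    global $database;
    global $current_user;
    global $can_delete_users;
    $result = new UserRemoveResult();
    // only allow users with the required privileges to delete users
    if (!$can_delete_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to delete users.";
        return $result;
    }
    // verify the username has been set; a non-string value (e.g. user_remove[]=x)
    // is rejected here so it never reaches the comparison or the query parameters
    if (!isset($_POST["user_remove"]) || !is_string($_POST["user_remove"]) || empty($_POST["user_remove"])) {
        $result->success = false;
        $result->error_message = "No username to remove provided.";
        return $result;
    }
    $result->user_name = $_POST["user_remove"];
    // prevent the currently signed in user from being removed
    if ($result->user_name === $current_user) {
        $result->success = false;
        $result->error_message = "You cannot remove the currently logged in user.";
        return $result;
    }
    // if the user removal has been confirmed, remove the user from the database
    $result->removal_confirmed = isset($_POST["user_remove_confirm"]);
    if ($result->removal_confirmed) {
        // check that the user account exists in the database
        $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
        $user_read->ExecuteQuery(array($result->user_name));
        if (!$user_read->MoveNext()) {
            $result->success = false;
            $result->error_message = "Matching username not found in the database.";
            return $result;
        }
        // delete the user account from the database (username is bound as a
        // parameter, never concatenated into the SQL text)
        $sql = "DELETE FROM map_server_users WHERE username = ?";
        $remove_user_query = $database->prepare($sql);
        if (!$remove_user_query || !$remove_user_query->execute(array($result->user_name))) {
            // a failed DELETE is reported like every other failure path instead
            // of falling through to success = true; the message deliberately
            // omits the user-supplied name because the caller's escaping is not
            // visible from here
            $result->success = false;
            $result->error_message = "Failed to remove the user from the database.";
            return $result;
        }
        // the username is request data, so it is escaped before it is written
        // into the HTML response
        $safe_user_name = htmlspecialchars($result->user_name, ENT_QUOTES, 'UTF-8');
        print_line_inset("User " . $safe_user_name . " removed.<br/>", 2);
    }
    $result->success = true;
    return $result;
}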
示例#2
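/**
 * Lists the map files found directly inside a folder.
 *
 * Entries ending in .map or .yelo are added as-is. Entries ending in .xml
 * are passed to LoadDefinition() and added under the file name taken from
 * the definition's `name` field. Everything else, including entries with
 * no extension at all, is ignored. Extension matching is case-sensitive.
 *
 * @param string $folder Directory to scan; the script dies if it is empty.
 * @return array|null List of MapFileDetails, or null if the directory
 *                    could not be opened.
 */
function GetMapsInFolder($folder)
{
    if ($folder == NULL) {
        die("ERROR: Path passed to GetFolderMapList is empty.<br/>");
    }
    // open the maps folder and iterate through its contents
    $handle = opendir($folder);
    if (!$handle) {
        print_line_inset("Failed to open the maps directory.<br/>", 2);
        return null;
    }
    $map_list = array();
    while (false !== ($entry = readdir($handle))) {
        if ($entry === "." || $entry === "..") {
            continue;
        }
        // pathinfo() omits the "extension" key for names without a dot, so
        // default it rather than reading an undefined index
        $file_info = pathinfo($entry);
        $extension = isset($file_info["extension"]) ? $file_info["extension"] : "";
        $file_location = $folder . "/" . $entry;
        if ($extension === "map" || $extension === "yelo") {
            // a map file that can be listed directly
            $map_list[] = new MapFileDetails($file_info["filename"], $file_location, true);
        } elseif ($extension === "xml") {
            // a definition file: list it under the map name it declares,
            // skipping definitions that fail to load
            $map_definition = LoadDefinition($file_location);
            if ($map_definition != null) {
                $map_info = pathinfo($map_definition->name);
                $map_list[] = new MapFileDetails($map_info["filename"], $file_location, true);
            }
        }
    }
    closedir($handle);
    return $map_list;
}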
示例#3
<?php

/*
	Yelo: Open Sauce SDK
		Halo 1 (CE) Edition

	See license\OpenSauce\Halo1_CE for specific license information
*/
include_once "admin/map_database/map_entry_remove_func.php";
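// Page fragment: removes one map entry named by the POSTed `map_entry_remove`
// file id, then prints the messages returned by RemoveMapEntry().
// NOTE(review): $can_delete_map_entries, $database and $config are not
// assigned in this fragment; presumably the including page sets them.
// NOTE(review): no anti-CSRF token is checked here before the destructive
// call. Confirm whether the including page verifies one.
if (!$can_delete_map_entries) {
    print_line_inset("Your user account does not have sufficient privileges to remove map entries.<br/>", 2);
} else {
    // accept only a non-empty string id; an array-valued field
    // (map_entry_remove[]=x) would otherwise pass the isset/empty test and be
    // handed to RemoveMapEntry() as an array
    $file_id_set = isset($_POST['map_entry_remove'])
        && is_string($_POST['map_entry_remove'])
        && !empty($_POST['map_entry_remove']);
    if (!$file_id_set) {
        print_line_inset("No file id provided", 2);
    } else {
        $map_entry_remove_result = RemoveMapEntry($database, $_POST['map_entry_remove'], $config->map_server->map_compressed_dir);
        // NOTE(review): messages and error_message are written into the page
        // unescaped. If RemoveMapEntry() can place the request value or file
        // names in them, they need htmlspecialchars() here. Verify against
        // RemoveMapEntry().
        foreach ($map_entry_remove_result->messages as $value) {
            print_line_inset($value . "<br/>", 2);
        }
        if (!$map_entry_remove_result->success) {
            print_line_inset($map_entry_remove_result->error_message, 2);
        }
    }
}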
示例#4
<?php 
}
?>
				</tr>

<?php 
require_once 'admin/map_database/map_entry_list.php';
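// Render one table row per map entry. Every value taken from the entry is
// HTML-escaped before it is written into the page: the fields are database
// content, and the file id lands inside a single-quoted attribute, hence
// ENT_QUOTES.
// NOTE(review): the remove form carries no anti-CSRF token. Confirm whether
// the handler for `map_entry_remove` verifies one by other means.
$map_entry_list = GetMapEntryList($database);
foreach ($map_entry_list as $value) {
    $safe_map_name = htmlspecialchars((string) $value->map_name, ENT_QUOTES, 'UTF-8');
    $safe_map_extension = htmlspecialchars((string) $value->map_extension, ENT_QUOTES, 'UTF-8');
    $safe_map_processed = htmlspecialchars((string) $value->map_processed, ENT_QUOTES, 'UTF-8');
    print_line_inset("<tr>", 4);
    print_line_inset("<td>" . $safe_map_name . "</td>", 5);
    print_line_inset("<td>" . $safe_map_extension . "</td>", 5);
    print_line_inset("<td>" . $safe_map_processed . "</td>", 5);
    // only print the delete entry form if the user's permissions allow it;
    // hiding the form is presentation only, so the handler still has to
    // enforce the permission itself
    if ($can_delete_map_entries) {
        $safe_map_file_id = htmlspecialchars((string) $value->map_file_id, ENT_QUOTES, 'UTF-8');
        print_line_inset("<td>", 5);
        print_line_inset("<form name='map_addition_form' method='post' action=''>", 6);
        print_line_inset("<div>", 7);
        print_line_inset("<input type='hidden' name='map_database'/>", 8);
        print_line_inset("<input type='hidden' name='map_entry_remove' value='" . $safe_map_file_id . "'/>", 8);
        print_line_inset("<input class='form_button_100px' type='submit' value='Remove Entry'/>", 8);
        print_line_inset("</div>", 7);
        print_line_inset("</form>", 6);
        print_line_inset("</td>", 5);
    }
    print_line_inset("</tr>", 4);
}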
?>
			</table>
		</div>
示例#5
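/**
 * Handles a POSTed request to create a user account.
 *
 * Reads `user_add_username` and the six `user_add_can_*` checkbox fields
 * from $_POST, creates the account with a generated password, and prints
 * the outcome (including the one-time password) into the page.
 *
 * NOTE(review): the only check made is $can_create_users. The permissions
 * granted to the new account are taken from the request as-is, so a creator
 * can hand out rights (for example delete-users) that they do not hold.
 * Confirm whether that is intended.
 * NOTE(review): no anti-CSRF token is verified in this function. Confirm
 * against the calling page.
 * NOTE(review): success is set to true even when no account was created
 * (empty or duplicate username); those cases are only reported as printed
 * text.
 *
 * @return UserAddResult Echo of the submitted fields plus success/error_message.
 */
function ProcessUserAdd()
{
    global $database;
    global $can_create_users;
    $result = new UserAddResult();
    if (!$can_create_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to add new users.";
        return $result;
    }
    $result->user_name = "";
    $result->user_can_create_map_entry = false;
    $result->user_can_delete_map_entry = false;
    $result->user_can_edit_map_entry = false;
    $result->user_can_create_users = false;
    $result->user_can_delete_users = false;
    $result->user_can_edit_users = false;
    // a non-string username (e.g. user_add_username[]=x) is treated as absent
    if (isset($_POST['user_add_username']) && is_string($_POST['user_add_username'])) {
        $result->user_name = $_POST['user_add_username'];
        $result->user_can_create_map_entry = isset($_POST['user_add_can_create_map_entry']);
        $result->user_can_delete_map_entry = isset($_POST['user_add_can_delete_map_entry']);
        $result->user_can_edit_map_entry = isset($_POST['user_add_can_edit_map_entry']);
        $result->user_can_create_users = isset($_POST['user_add_can_create_users']);
        $result->user_can_delete_users = isset($_POST['user_add_can_delete_users']);
        $result->user_can_edit_users = isset($_POST['user_add_can_edit_users']);
        print_line_inset("<h3>Output</h3>", 2);
        if (empty($result->user_name)) {
            print_line_inset("No username set.<br/><br/>", 2);
        } else {
            $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
            $user_read->ExecuteQuery(array($result->user_name));
            if ($user_read->MoveNext()) {
                print_line_inset("An account with that username already exists.<br/><br/>", 2);
            } else {
                // generate a random password for the new user account.
                // str_shuffle() is not a cryptographic generator, and taking a
                // prefix of a shuffle can never repeat a character, so draw
                // each character independently from the CSPRNG when it is
                // available (random_int, PHP 7+) and keep the old expression
                // only as a fallback for older runtimes.
                $password_alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
                if (function_exists('random_int')) {
                    $generated_password = "";
                    $last_index = strlen($password_alphabet) - 1;
                    for ($i = 0; $i < 8; $i++) {
                        $generated_password .= $password_alphabet[random_int(0, $last_index)];
                    }
                } else {
                    $generated_password = substr(str_shuffle($password_alphabet), 0, 8);
                }
                $result->user_password = $generated_password;
                $user_write = new UserWrite($database, "INSERT INTO `map_server_users` ({0}) VALUES ({1})");
                $password_hash = new PasswordHash(8, true);
                $user_write->username = $result->user_name;
                $user_write->password_hash = $password_hash->HashPassword($result->user_password);
                if ($result->user_can_create_map_entry) {
                    $user_write->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
                }
                if ($result->user_can_delete_map_entry) {
                    $user_write->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
                }
                if ($result->user_can_edit_map_entry) {
                    $user_write->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
                }
                if ($result->user_can_create_users) {
                    $user_write->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
                }
                if ($result->user_can_delete_users) {
                    $user_write->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
                }
                if ($result->user_can_edit_users) {
                    $user_write->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
                }
                // NOTE(review): the outcome of ExecuteQuery() is not checked,
                // so the lines below claim success even if the INSERT failed.
                $user_write->ExecuteQuery(NULL);
                print_line_inset("New user added!<br/>", 2);
                // NOTE(review): the next two calls were masked in the listing
                // this code was taken from; they are reconstructed here from
                // the surrounding variables. The username is request data and
                // is escaped before it is printed.
                print_line_inset("Username: " . htmlspecialchars($result->user_name, ENT_QUOTES, 'UTF-8') . "<br/>", 2);
                print_line_inset("Password: " . $result->user_password . "<br/>", 2);
                print_line_inset("<br/>", 2);
                print_line_inset("This password is randomly generated and should be changed by the user.<br/>", 2);
                print_line_inset("<br/>", 2);
            }
        }
    }
    $result->success = true;
    return $result;
}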
示例#6
<?php

/*
	Yelo: Open Sauce SDK
		Halo 1 (CE) Edition

	See license\OpenSauce\Halo1_CE for specific license information
*/
// Entry script for adding a map entry: sends a no-cache header, loads the
// admin includes, checks the caller's permission, runs ProcessAddMapEntry()
// and prints its messages.
// required to force a refresh of the tables when reloaded; no-store also
// tells caches not to keep a copy of this response
header("Cache-Control: no-store, no-cache, must-revalidate");
// the argument is a placeholder string in this listing, not a real path
set_include_path("*admin include path*");
require_once "admin/common/config.php";
require_once "admin/common/print.php";
require_once "admin/common/user_account.php";
require_once "admin/common/sql_database.php";
require_once "admin/map_database/map_entry_add_func.php";
// $can_create_map_entries is not assigned in this file; presumably one of the
// includes above sets it from the signed-in account (TODO confirm which).
// The check runs after all includes have executed, so it only protects the
// code below it.
if (!$can_create_map_entries) {
    die("Your user account does not have sufficient privileges to add map entries.");
}
// increase script timeout value (5000 seconds) for this request
ini_set('max_execution_time', 5000);
$add_map_entry_result = ProcessAddMapEntry();
// NOTE(review): messages and error_message are printed without HTML escaping;
// whether they can contain request data or file names depends on
// ProcessAddMapEntry(), which is not shown here.
foreach ($add_map_entry_result->messages as $value) {
    print_line_inset($value . "<br/>", 2);
}
if (!$add_map_entry_result->success) {
    print_line_inset($add_map_entry_result->error_message, 2);
}
示例#7
            $part_file = $file_info["dirname"] . "/" . $value->name;
            // delete the part
            if (file_exists($part_file)) {
                if (!unlink($part_file)) {
                    $can_delete_map_entries->success = false;
                    $can_delete_map_entries->error_message = "Failed to delete file. (" . $part_file . ")";
                    return $result;
                } else {
                    $result->messages[] = "File deleted successfully. (" . $part_file . ")";
                }
            } else {
                $result->messages[] = "WARNING: File does not exist:" . $part_file . "";
            }
        }
    }
    // try and delete the file
    if (!unlink($map_file)) {
        $result->messages[] = "WARNING: Failed to delete file. (" . $map_file . ")";
    } else {
        $result->messages[] = "File deleted successfully. (" . $map_file . ")";
    }
    $result->success = true;
    return $result;
}
// Run the delete request and write its progress messages, one per line,
// followed by the error text when the operation did not succeed.
// NOTE(review): in the function tail above, a failed unlink() of a part file
// assigns success/error_message on $can_delete_map_entries rather than on
// $result, so that failure may not be reflected in the object checked here.
// NOTE(review): the messages embed file paths and are printed without HTML
// escaping.
$map_file_delete_result = ProcessMapFileDelete();
foreach ($map_file_delete_result->messages as $value) {
    print_line_inset("{$value}<br/>", 2);
}
if (!$map_file_delete_result->success) {
    $delete_error_text = $map_file_delete_result->error_message;
    print_line_inset($delete_error_text, 2);
}
示例#8
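/**
 * Handles a POSTed request to view or change another user's permissions.
 *
 * Reads `user_edit` (the target username) from $_POST and loads that
 * account's current permission flags into the result. When `user_edit_save`
 * is also present, the six `user_edit_can_*` checkbox fields replace the
 * stored permission masks; the username and password hash are written back
 * unchanged.
 *
 * NOTE(review): the only check made is $can_edit_users. The new permission
 * masks come from the request as-is, so an editor can grant another account
 * rights that the editor does not hold. Confirm whether that is intended.
 * NOTE(review): no anti-CSRF token is verified in this function. Confirm
 * against the calling page.
 * NOTE(review): $result->user_name carries the raw POST value; any caller
 * that prints it must HTML-escape it first.
 *
 * @return UserEditResult Permission flags plus success/error_message.
 */
function ProcessUserEdit()
{
    global $database;
    global $current_user;
    global $can_edit_users;
    $result = new UserEditResult();
    // only allow users with the required privileges to edit users
    if (!$can_edit_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to edit users.";
        return $result;
    }
    // verify the username has been set; a non-string value (e.g. user_edit[]=x)
    // is rejected here so it never reaches the comparison or the query parameters
    if (!isset($_POST["user_edit"]) || !is_string($_POST["user_edit"]) || empty($_POST["user_edit"])) {
        $result->success = false;
        $result->error_message = "No username to edit provided.";
        return $result;
    }
    $result->user_name = $_POST["user_edit"];
    // prevent the currently signed in user from being edited
    if ($result->user_name === $current_user) {
        $result->success = false;
        $result->error_message = "You cannot edit the currently logged in user.";
        return $result;
    }
    // load the target account; the username is bound as a query parameter
    $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
    $user_read->ExecuteQuery(array($result->user_name));
    if (!$user_read->MoveNext()) {
        $result->success = false;
        $result->error_message = "Unable to find user in database.";
        return $result;
    }
    // expose the stored permission bits as individual booleans
    $map_mask = $user_read->map_database_permissions;
    $user_mask = $user_read->user_control_permissions;
    $result->user_can_create_map_entry = ($map_mask & AccessPermissions::ACCESS_PERMISSIONS_CREATE) == AccessPermissions::ACCESS_PERMISSIONS_CREATE;
    $result->user_can_delete_map_entry = ($map_mask & AccessPermissions::ACCESS_PERMISSIONS_DELETE) == AccessPermissions::ACCESS_PERMISSIONS_DELETE;
    $result->user_can_edit_map_entry = ($map_mask & AccessPermissions::ACCESS_PERMISSIONS_EDIT) == AccessPermissions::ACCESS_PERMISSIONS_EDIT;
    $result->user_can_create_users = ($user_mask & AccessPermissions::ACCESS_PERMISSIONS_CREATE) == AccessPermissions::ACCESS_PERMISSIONS_CREATE;
    $result->user_can_delete_users = ($user_mask & AccessPermissions::ACCESS_PERMISSIONS_DELETE) == AccessPermissions::ACCESS_PERMISSIONS_DELETE;
    $result->user_can_edit_users = ($user_mask & AccessPermissions::ACCESS_PERMISSIONS_EDIT) == AccessPermissions::ACCESS_PERMISSIONS_EDIT;
    if (isset($_POST['user_edit_save'])) {
        // a checkbox is "on" when its field is present in the request at all
        $result->user_can_create_map_entry = isset($_POST['user_edit_can_create_map_entry']);
        $result->user_can_delete_map_entry = isset($_POST['user_edit_can_delete_map_entry']);
        $result->user_can_edit_map_entry = isset($_POST['user_edit_can_edit_map_entry']);
        $result->user_can_create_users = isset($_POST['user_edit_can_create_users']);
        $result->user_can_delete_users = isset($_POST['user_edit_can_delete_users']);
        $result->user_can_edit_users = isset($_POST['user_edit_can_edit_users']);
        $user_update = new UserUpdate($database, "UPDATE `map_server_users` SET {0} WHERE username = ?");
        // identity and credentials are copied from the row just read, not
        // from the request
        $user_update->username = $user_read->username;
        $user_update->password_hash = $user_read->password_hash;
        // rebuild both masks from zero so that unchecked boxes revoke rights
        $user_update->map_database_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;
        $user_update->user_control_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;
        if ($result->user_can_create_map_entry) {
            $user_update->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
        }
        if ($result->user_can_delete_map_entry) {
            $user_update->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
        }
        if ($result->user_can_edit_map_entry) {
            $user_update->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
        }
        if ($result->user_can_create_users) {
            $user_update->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
        }
        if ($result->user_can_delete_users) {
            $user_update->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
        }
        if ($result->user_can_edit_users) {
            $user_update->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
        }
        // NOTE(review): the outcome of ExecuteQuery() is not checked, so
        // "Changes saved." is printed even if the UPDATE failed.
        $user_update->ExecuteQuery(array($user_read->username));
        print_line_inset("<h3>Output</h3>", 2);
        print_line_inset("Changes saved.<br/><br/>", 2);
    }
    $result->success = true;
    return $result;
}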