PageRenderTime 38ms CodeModel.GetById 7ms RepoModel.GetById 0ms app.codeStats 0ms

/include/class/class_check.php

https://github.com/Bigjoos/U-232-V2
PHP | 199 lines | 100 code | 25 blank | 74 comment | 17 complexity | 028f6b651473f13d8c8497acb5c63b7a MD5 | raw file
    

  1. <?php

    2. 

  2. /**

    3. 

  3.  *   https://09source.kicks-ass.net:8443/svn/installer09/

    4. 

  4.  *   Licence Info: GPL

    5. 

  5.  *   Copyright (C) 2010 Installer09 v.2

    6. 

  6.  *   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.

    7. 

  7.  *   Project Leaders: Mindless,putyn,kidvision.

    8. 

  8.  **/

    9. 

  9. //==include/class_check.php

    10. 

  10. /*

    11. 

  11. class_check by pdq,

    12. 

  12. autopost and 404 idea by Retro, 

    13. 

  13. staff array & auth by system,

    14. 

  14. PIN idea by SirSnuggleBunny.

    15. 

  15. */

    16. 

  16. 

    17. 

  17. /** 

    18. 

  18. // USAGE in staff pages: //

    19. 

  19. // below:

    20. 

  20. dbconn();

    21. 

  21. loggedinorreturn();

    22. 

  22. // add:

    23. 

  23. require_once 'include/class_check.php';

    24. 

  24. class_check(UC_MODERATOR);                // staff class check

    25. 

  25. // require PIN:

    26. 

  26. require_once 'include/class_check.php';

    27. 

  27. class_check(UC_MODERATOR, true, true); // staff class check & require PIN

    28. 

  28. // USAGE in non-staff pages: //

    29. 

  29. require_once 'include/class_check.php';

    30. 

  30. class_check(UC_POWER_USER, false);     // use for non-staff pages

    31. 

  31. // END //

    32. 

  32. **/

    33. 

  33. 

    34. 

  34. if (!defined('TBVERSION')) { //cannot access this file directly

    35. 

  35.     $HTMLOUT='';

    36. 

  36.     $HTMLOUT .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    37. 

  37.         <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

    38. 

  38.         <head>

    39. 

  39.         <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />

    40. 

  40.         <title>ERROR</title>

    41. 

  41.         </head><body>

    42. 

  42.         <h1>ERROR</h1>Cannot Access this file directly.

    43. 

  43.         </body></html>';

    44. 

  44. 	echo $HTMLOUT;

    45. 

  45. 	exit();

    46. 

  46. }

    47. 

  47. 

    48. 

  48. /** $class = UC_CLASS_NAME: minimum class required to view page

    49. 

  49.     $staff = true: make sure staff are really staff and have permission to view page 

    50. 

  50.     $pin   = true: require staff PIN

    51. 

  51. **/

    52. 

  52. 

    53. 

  53. function class_check($class = 0, $staff = true, $pin = false) {

    54. 

  54.     global $CURUSER, $INSTALLER09, $mc1;

    55. 

  55. 

    56. 

  56.     /** basic checking **/

    57. 

  57.     if (!$CURUSER) {

    58. 

  58.   	    require_once '404.html';

    59. 

  59.         //die('404');

    60. 

  60. 	    exit();

    61. 

  61.     }

    62. 

  62.     

    63. 

  63.     /** required class check **/

    64. 

  64.     if ($CURUSER['class'] >= $class) {

    65. 

  65.         

    66. 

  66.         /** require correct staff PIN **/

    67. 

  67.         if ($pin) {

    68. 

  68.             

    69. 

  69.             // not allowed staff!

    70. 

  70.             if (!isset($INSTALLER09['staff']['allowed'][$CURUSER['username']])) {

    71. 

  71.   	            require_once '404.html';

    72. 

  72.                 //die('404 - Kiss my aRse !!');

    73. 

  73. 	            exit();

    74. 

  74.             }

    75. 

  75.             

    76. 

  76.             $passed = false;

    77. 

  77.             // have sent a username/pass and are using their own username

    78. 

  78.             if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) 

    79. 

  79.                 && $_SERVER['PHP_AUTH_USER'] === ($CURUSER['username'])) {

    80. 

  80.                     

    81. 

  81.                 // generate a passhash from the sent password

    82. 

  82.                  $hash = md5($INSTALLER09['site']['salt2'].$_SERVER['PHP_AUTH_PW'].$CURUSER['secret']);

    83. 

  83.                  

    84. 

  84.                 // if the password is correct, exit this function

    85. 

  85.                 if (md5($INSTALLER09['site']['salt2'].$INSTALLER09['staff']['staff_pin'].$CURUSER['secret']) === $hash)

    86. 

  86.                     $passed = true;

    87. 

  87.             }

    88. 

  88.             

    89. 

  89.             if (!$passed) {

    90. 

  90.                 // they're not allowed, the username doesn't match their own, the password is

    91. 

  91.                 // wrong or they have not sent user/pass yet so we exit

    92. 

  92.                 header('WWW-Authenticate: Basic realm="Administration"');

    93. 

  93.                 header('HTTP/1.0 401 Unauthorized');

    94. 

  94.                 $HTMLOUT='';

    95. 

  95.                	$HTMLOUT .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    96. 

  96.                       <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

    97. 

  97.                       <head>

    98. 

  98.                       <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />

    99. 

  99.                       <title>ERROR</title>

    100. 

  100.                       </head><body>

    101. 

  101.                       <h1 align="center">ERROR</h1><p align="center">Sorry! Access denied!</p>

    102. 

  102.                       </body></html>';

    103. 

  103.             	echo $HTMLOUT;

    104. 

  104.             	exit();

    105. 

  105.             }

    106. 

  106.         } // end PIN

    107. 

  107.         

    108. 

  108.         if ($staff) { // staff class required

    109. 

  109. 

    110. 

  110.             /** do some checking **/

    111. 

  111.             //if ((!valid_class($CURUSER['class'])) || (!isset($INSTALLER09['staff']['allowed'][strtolower($CURUSER['username'])]))) { // failed: illegal access ...

    112. 

  112.             if (($CURUSER['class'] > UC_MAX) || (!isset($INSTALLER09['staff']['allowed'][$CURUSER['username']]))) { // failed: illegal access ...

    113. 

  113.                     

    114. 

  114.                 /** user info **/

    115. 

  115.                 $ip = getip();

    116. 

  116. 

    117. 

  117.                 /** file ban them **/

    118. 

  118.                 // @fclose(@fopen(INCL_DIR.'bans/'.$ip, 'w'));

    119. 

  119.                

    120. 

  120.                 /** SQL ban them **/

    121. 

  121.                 //require_once(INCL_DIR.'bans.php');

    122. 

  122.                 //make_bans($ip, $_SERVER['REMOTE_ADDR'], 'Bad Class. Join IRC for assistance.');

    123. 

  123.                

    124. 

  124.                 /** auto post to forums**/

    125. 

  125.                 $body = sqlesc("User ".$CURUSER['username']." - ".$ip.

    126. 

  126.                                "\n Class ".$CURUSER['class'].

    127. 

  127.                                "\n Current page: ".$_SERVER['PHP_SELF'].

    128. 

  128.                                ", Previous page: ".(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'no referer').

    129. 

  129.                                ", Action: ".$_SERVER['REQUEST_URI'].

    130. 

  130.                                "\n Member has been disabled and demoted by class check system.");

    131. 

  131.                 

    132. 

  132.                 /*

    133. 

  133.                 $body2 = sqlesc("User ".$CURUSER['username']." - ".$ip.

    134. 

  134.                                " Class ".$CURUSER['class'].

    135. 

  135.                                " Current page: ".$_SERVER['PHP_SELF'].

    136. 

  136.                                ", Previous page: ".(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'no referer').

    137. 

  137.                                ", Action: ".$_SERVER['REQUEST_URI'].

    138. 

  138.                                " Member has been disabled and demoted by class check system. - Kill the fuX0r");

    139. 

  139.                             */

    140. 

  140.                 $topicid = (int)$INSTALLER09['staff']['forumid'];

    141. 

  141.                 $added  = time();

    142. 

  142. 

    143. 

  143.                 sql_query("INSERT INTO posts (topic_id, user_id, added, body) ".

    144. 

  144.                 "VALUES($topicid , ".$INSTALLER09['bot_id'].", $added, $body)") or sqlerr(__file__, __line__);

    145. 

  145.     

    146. 

  146.                 /** get mysql_insert_id(); **/

    147. 

  147.                 $res = sql_query("SELECT id FROM posts WHERE topic_id = $topicid 

    148. 

  148.                                   ORDER BY id DESC LIMIT 1") or sqlerr(__file__,__line__);

    149. 

  149.                 $arr = mysql_fetch_row($res) or die('No staff post found');

    150. 

  150.                 

    151. 

  151.                 $postid = $arr[0];

    152. 

  152.                 sql_query("UPDATE topics SET last_post = $postid WHERE id = $topicid") 

    153. 

  153.                     or sqlerr(__file__,__line__);

    154. 

  154.     

    155. 

  155.                 /** PM Owner **/

    156. 

  156.                 $subject = sqlesc('Warning Class Check System!');

    157. 

  157.                 sql_query("INSERT INTO messages (sender, receiver, added, subject, msg) 

    158. 

  158.                 VALUES (0, ".$INSTALLER09['site']['owner'].", $added, $subject, $body)")

    159. 

  159.                     or sqlerr(__file__,__line__);

    160. 

  160.     

    161. 

  161.                 /** punishments **/

    162. 

  162.                 //mysql_query("UPDATE users SET enabled = 'no', class = 1 WHERE id = $CURUSER[id]") or sqlerr(__file__, __line__);

    163. 

  163.                 sql_query("UPDATE users SET class = 1 WHERE id = $CURUSER[id]") or sqlerr(__file__, __line__);

    164. 

  164.                 /** remove caches **/

    165. 

  165.                 $mc1->delete_value('user'.$CURUSER['id']);

    166. 

  166.                 $mc1->delete_value('MyUser_'.$CURUSER['id']);

    167. 

  167.                 //==

    168. 

  168.         

    169. 

  169.                 /** log **/    

    170. 

  170.                 //write_log("<span style='color:#FA0606;'>Class Check System Initialized</span><a href='forums.php?action=viewtopic&amp;topicid=$topicid&amp;page=last#$postid'>VIEW</a>", UC_SYSOP, false);

    171. 

  171.                 write_log('Class Check System Initialized [url='.$INSTALLER09['baseurl'].'/forums.php?action=view_topic&amp;topic_id='.$topicid.'&amp;page=last#'.$postid.']VIEW[/url]');

    172. 

  172.                 //require_once(INCL_DIR.'user_functions.php');

    173. 

  173.                 //autoshout($body2);

    174. 

  174.                 $HTMLOUT='';

    175. 

  175. 	              $HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"

    176. 

  176. 		            \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">

    177. 

  177. 		            <html xmlns='http://www.w3.org/1999/xhtml'>

    178. 

  178. 		            <head>

    179. 

  179. 		            <title>Error!</title>

    180. 

  180. 		            </head>

    181. 

  181. 		            <body>

    182. 

  182. 	              <div style='font-size:18px;color:black;background-color:red;text-align:center;'>Incorrect access<br />Silly Rabbit - Trix are for kids.. You dont have the correct credentials to be here !</div>

    183. 

  183. 	              </body></html>";

    184. 

  184. 	              echo $HTMLOUT;

    185. 

  185.                 exit();

    186. 

  186.                 //die('No access!'); // give em some Output

    187. 

  187.                 }

    188. 

  188.         }

    189. 

  189.     } else {                       // if less than required class

    190. 

  190.         if (!$staff)               // if not staff page :P

    191. 

  191.             stderr('ERROR', 'No Permission. Page is for '.get_user_class_name($class).'s and above. Read FAQ.');

    192. 

  192.         else {                     // if staff page

    193. 

  193.   	         require_once '404.html';

    194. 

  194.             //die('404');

    195. 

  195. 	        exit();

    196. 

  196.         }

    197. 

  197.     }

    198. 

  198. }

    199. 

  199. ?>
    200.