release 1.3.9
This commit is contained in:
Newcomer1989
254
webinterface/_nav.php
Normal file
254
webinterface/_nav.php
Normal file
@@ -0,0 +1,254 @@
|
||||
<?PHP
|
||||
$job_check = $mysqlcon->query("SELECT * FROM `$dbname`.`job_check`")->fetchAll(PDO::FETCH_UNIQUE|PDO::FETCH_ASSOC);
|
||||
if((time() - $job_check['last_update']['timestamp']) < 259200 && !isset($_SESSION[$rspathhex.'upinfomsg'])) {
|
||||
if(!isset($err_msg)) {
|
||||
$err_msg = '<i class="fas fa-info-circle"></i> '.sprintf($lang['upinf2'], date("Y-m-d H:i",$job_check['last_update']['timestamp']), '<i class="fas fa-book"></i> <a href="//ts-ranksystem.com/?changelog" target="_blank">', '</a>'); $err_lvl = 1;
|
||||
$_SESSION[$rspathhex.'upinfomsg'] = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if(!isset($_POST['start']) && !isset($_POST['stop']) && !isset($_POST['restart']) && isset($_SESSION[$rspathhex.'username']) && $_SESSION[$rspathhex.'username'] == $cfg['webinterface_user'] && $_SESSION[$rspathhex.'password'] == $cfg['webinterface_pass']) {
|
||||
if (substr(php_uname(), 0, 7) == "Windows") {
|
||||
if (file_exists(substr(__DIR__,0,-12).'logs\pid')) {
|
||||
$pid = str_replace(array("\r", "\n"), '', file_get_contents(substr(__DIR__,0,-12).'logs\pid'));
|
||||
exec("wmic process where \"processid=".$pid."\" get processid 2>nul", $result);
|
||||
if(isset($result[1]) && is_numeric($result[1])) {
|
||||
$botstatus = 1;
|
||||
} else {
|
||||
$botstatus = 0;
|
||||
}
|
||||
} else {
|
||||
$botstatus = 0;
|
||||
}
|
||||
} else {
|
||||
if (file_exists(substr(__DIR__,0,-12).'logs/pid')) {
|
||||
$check_pid = str_replace(array("\r", "\n"), '', file_get_contents(substr(__DIR__,0,-12).'logs/pid'));
|
||||
$result = str_replace(array("\r", "\n"), '', shell_exec("ps ".$check_pid));
|
||||
if (strstr($result, $check_pid)) {
|
||||
$botstatus = 1;
|
||||
} else {
|
||||
$botstatus = 0;
|
||||
}
|
||||
} else {
|
||||
$botstatus = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(isset($_POST['switchexpert']) && isset($_SESSION[$rspathhex.'username']) && $_SESSION[$rspathhex.'username'] == $cfg['webinterface_user'] && $_SESSION[$rspathhex.'password'] == $cfg['webinterface_pass']) {
|
||||
if ($_POST['switchexpert'] == "check") $cfg['webinterface_advanced_mode'] = 1; else $cfg['webinterface_advanced_mode'] = 0;
|
||||
|
||||
if (($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('webinterface_advanced_mode','{$cfg['webinterface_advanced_mode']}') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`);")) === false) {
|
||||
print_r($mysqlcon->errorInfo(), true);
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
$err_lvl = 3;
|
||||
}
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="<?PHP echo $cfg['default_language']; ?>">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="version" content="<?PHP echo $cfg['version_current_using']; ?>">
|
||||
<link rel="icon" href="../tsicons/rs.png">
|
||||
<title>TSN Ranksystem - ts-ranksystem.com</title>
|
||||
<link href="../libs/combined_wi.css?v=<?PHP echo $cfg['version_current_using']; ?>" rel="stylesheet">
|
||||
<script src="../libs/combined_wi.js?v=<?PHP echo $cfg['version_current_using']; ?>"></script>
|
||||
<script>
|
||||
$(function() {
|
||||
var timerid;
|
||||
$("ul.dropdown-menu").on("click", "[data-keepOpenOnClick]", function(e) {
|
||||
e.stopPropagation();
|
||||
});
|
||||
$('#switchexpert').on('switchChange.bootstrapSwitch', function() {
|
||||
$('.expertelement').each(function(i, obj) {
|
||||
$(this).toggleClass("hidden");
|
||||
});
|
||||
clearTimeout(timerid);
|
||||
timerid = setTimeout(function() { $('#autosubmit').submit(); }, 250);
|
||||
});
|
||||
});
|
||||
window.onload = function() {
|
||||
var expert = '<?PHP echo $cfg['webinterface_advanced_mode']; ?>';
|
||||
if(expert == 0) {
|
||||
$('.expertelement').each(function(i, obj) {
|
||||
$(this).toggleClass("hidden");
|
||||
});
|
||||
}
|
||||
};
|
||||
</script>
|
||||
<body>
|
||||
<div id="wrapper">
|
||||
<nav class="navbar navbar-inverse navbar-fixed-top">
|
||||
<div class="navbar-header">
|
||||
<a class="navbar-brand" href="index.php">TSN Ranksystem - Webinterface <?PHP echo $cfg['version_current_using'];?></a>
|
||||
<?PHP if(isset($_SESSION[$rspathhex.'newversion']) && version_compare($_SESSION[$rspathhex.'newversion'], $cfg['version_current_using'], '>') && $_SESSION[$rspathhex.'newversion'] != '') {
|
||||
echo '<a class="navbar-brand" href="//ts-ranksystem.com/?changelog" target="_blank">'.$lang['winav9'].' ['.$_SESSION[$rspathhex.'newversion'].']</a>';
|
||||
} ?>
|
||||
</div>
|
||||
<?PHP if(basename($_SERVER['SCRIPT_NAME']) == "stats.php") { ?>
|
||||
<ul class="nav navbar-left top-nav">
|
||||
<li class="navbar-form navbar-right">
|
||||
<button onclick="window.open('../stats/list_rankup.php?admin=true','_blank'); return false;" class="btn btn-primary" name="adminlist">
|
||||
<i class="fas fa-list"></i> <?PHP echo $lang['wihladm']; ?>
|
||||
</button>
|
||||
</li>
|
||||
</ul>
|
||||
<?PHP } ?>
|
||||
<ul class="nav navbar-right top-nav">
|
||||
<?PHP
|
||||
if(isset($_SESSION[$rspathhex.'username']) && $_SESSION[$rspathhex.'username'] == $cfg['webinterface_user'] && $_SESSION[$rspathhex.'password'] == $cfg['webinterface_pass']) { ?>
|
||||
<li class="dropdown">
|
||||
<a href="" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-user"></i> <?PHP echo $_SESSION[$rspathhex.'username']; ?> <b class="caret"></b></a>
|
||||
<ul class="dropdown-menu">
|
||||
<li class="navbar-form">
|
||||
<form method="post" id="autosubmit">
|
||||
<?PHP
|
||||
if($cfg['webinterface_advanced_mode'] == 1) {
|
||||
echo '<input name="switchexpert" value="0" type="hidden">';
|
||||
echo '<input class="switch-animate" id="switchexpert" name="switchexpert" value="checked" type="checkbox" data-size="mini" data-label-text="Expert Mode" checked>';
|
||||
} else {
|
||||
echo '<input class="switch-animate" id="switchexpert" name="switchexpert" value="check" type="checkbox" data-size="mini" data-label-text="Expert Mode">';
|
||||
}
|
||||
?>
|
||||
</form>
|
||||
</li>
|
||||
<li class="divider"></li>
|
||||
<?PHP if($_SERVER['SERVER_PORT'] == 443 || $_SERVER['SERVER_PORT'] == 80) {
|
||||
echo '<li><a href="//',$_SERVER['SERVER_NAME'],substr(dirname($_SERVER['SCRIPT_NAME']),0,-12),'stats/"><i class="fas fa-chart-bar"></i> ',$lang['winav6'],'</a></li>';
|
||||
} else {
|
||||
echo '<li><a href="//',$_SERVER['SERVER_NAME'],':',$_SERVER['SERVER_PORT'],substr(dirname($_SERVER['SCRIPT_NAME']),0,-12),'stats/"><i class="fas fa-chart-bar"></i> ',$lang['winav6'],'</a></li>';
|
||||
} ?>
|
||||
<li>
|
||||
<a href="changepassword.php"><i class="fas fa-key"></i> <?PHP echo $lang['pass2']; ?></a>
|
||||
</li>
|
||||
<li class="divider"></li>
|
||||
<li>
|
||||
<form method="post" id="logout">
|
||||
<div class="form-group">
|
||||
<button type="submit" name="logout" class="btn btn-primary btn-sm btn-block"><span class="fas fa-sign-out-alt" aria-hidden="true"></span> <?PHP echo $lang['wilogout']; ?></button>
|
||||
</div>
|
||||
</form>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<?PHP } elseif($_SERVER['SERVER_PORT'] == 443 || $_SERVER['SERVER_PORT'] == 80) {
|
||||
echo '<li><a href="//',$_SERVER['SERVER_NAME'],substr(dirname($_SERVER['SCRIPT_NAME']),0,-12),'stats/"><i class="fas fa-chart-bar"></i> ',$lang['winav6'],'</a></li>';
|
||||
} else {
|
||||
echo '<li><a href="//',$_SERVER['SERVER_NAME'],':',$_SERVER['SERVER_PORT'],substr(dirname($_SERVER['SCRIPT_NAME']),0,-12),'stats/"><i class="fas fa-chart-bar"></i> ',$lang['winav6'],'</a></li>';
|
||||
} ?>
|
||||
<li class="dropdown">
|
||||
<a href="" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-globe-europe"></i> <b class="caret"></b></a>
|
||||
<ul class="dropdown-menu">
|
||||
<?PHP
|
||||
if(is_dir(substr(__DIR__,0,-12).'languages/')) {
|
||||
foreach(scandir(substr(__DIR__,0,-12).'languages/') as $file) {
|
||||
if ('.' === $file || '..' === $file || is_dir($file)) continue;
|
||||
$sep_lang = preg_split("/[._]/", $file);
|
||||
if(isset($sep_lang[0]) && $sep_lang[0] == 'core' && isset($sep_lang[1]) && strlen($sep_lang[1]) == 2 && isset($sep_lang[4]) && strtolower($sep_lang[4]) == 'php') {
|
||||
echo '<li><a href="?lang='.$sep_lang[1].'"><span class="flag-icon flag-icon-'.$sep_lang[3].'"></span> '.strtoupper($sep_lang[1]).' - '.$sep_lang[2].'</a></li>';
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
<div class="collapse navbar-collapse">
|
||||
<ul class="nav navbar-nav side-nav">
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "ts.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="ts.php"><i class="fas fa-headset"></i> <?PHP echo $lang['winav1']; ?></a>
|
||||
</li>
|
||||
<?PHP
|
||||
if ((array_key_exists('webinterface_fresh_installation', $cfg) && $cfg['webinterface_fresh_installation'] != 1) || !array_key_exists('webinterface_fresh_installation', $cfg)) {
|
||||
echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "db.php" ? ' class="active expertelement">' : ' class="expertelement">'); ?>
|
||||
<a href="db.php"><i class="fas fa-database"></i> <?PHP echo $lang['winav2']; ?></a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="javascript:;" data-toggle="collapse" data-target="#rank"><i class="fas fa-hourglass-half"></i> <?PHP echo $lang['stmy0002']; ?> <i class="fas fa-caret-down"></i></a>
|
||||
<?PHP echo '<ul id="rank" class="'.(basename($_SERVER['SCRIPT_NAME']) == "core.php" || basename($_SERVER['SCRIPT_NAME']) == "rank.php" || basename($_SERVER['SCRIPT_NAME']) == "boost.php" || basename($_SERVER['SCRIPT_NAME']) == "except.php" ? 'in collapse">' : 'collapse">'); ?>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "core.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="core.php" class="active"><i class="fas fa-cogs"></i> <?PHP echo $lang['winav3']; ?></a>
|
||||
</li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "rank.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="rank.php" class="active"><i class="fas fa-list-ol"></i> <?PHP echo $lang['stmy0002']; ?></a>
|
||||
</li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "except.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="except.php" class="active"><i class="fas fa-ban"></i> <?PHP echo $lang['wiexcept']; ?></a>
|
||||
</li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "boost.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="boost.php"><i class="fas fa-rocket"></i> <?PHP echo $lang['wiboost']; ?></a>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "other.php" ? ' class="active expertelement">' : ' class="expertelement">'); ?>
|
||||
<a href="other.php"><i class="fas fa-wrench"></i> <?PHP echo $lang['winav4']; ?></a>
|
||||
</li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "msg.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="msg.php"><i class="fas fa-envelope"></i> <?PHP echo $lang['winav5']; ?></a>
|
||||
</li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "stats.php" ? ' class="active expertelement">' : ' class="expertelement">'); ?>
|
||||
<a href="stats.php"><i class="fas fa-chart-bar"></i> <?PHP echo $lang['winav6']; ?></a>
|
||||
</li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "ranklist.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="ranklist.php"><i class="fas fa-list"></i> <?PHP echo $lang['stnv0029']; ?></a>
|
||||
</li>
|
||||
<li class="divider"></li>
|
||||
<li>
|
||||
<a href="javascript:;" data-toggle="collapse" data-target="#addons"><i class="fas fa-puzzle-piece"></i> <?PHP echo $lang['winav12']; ?> <i class="fas fa-caret-down"></i></a>
|
||||
<?PHP echo '<ul id="addons" class="'.(basename($_SERVER['SCRIPT_NAME']) == "addon_assign_groups.php" || basename($_SERVER['SCRIPT_NAME']) == "api.php" ? 'in collapse">' : 'collapse">'); ?>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "api.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="api.php"><i class="fas fa-microchip"></i> <?PHP echo $lang['api']; ?></a>
|
||||
</li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "addon_assign_groups.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="addon_assign_groups.php" class="active"><i class="fas fa-user-plus"></i> <?PHP echo $lang['stag0001']; ?></a>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li class="divider"></li>
|
||||
<li>
|
||||
<a href="javascript:;" data-toggle="collapse" data-target="#admin"><i class="fas fa-users"></i> <?PHP echo $lang['winav7']; ?> <i class="fas fa-caret-down"></i></a>
|
||||
<?PHP echo '<ul id="admin" class="'.(basename($_SERVER['SCRIPT_NAME']) == "admin_addtime.php" || basename($_SERVER['SCRIPT_NAME']) == "admin_remtime.php" || basename($_SERVER['SCRIPT_NAME']) == "reset.php" ? 'in collapse">' : 'collapse">'); ?>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "admin_addtime.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="admin_addtime.php"><i class="fas fa-plus"></i> <?PHP echo $lang['wihladm1']; ?></a>
|
||||
</li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "admin_remtime.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="admin_remtime.php"><i class="fas fa-minus"></i> <?PHP echo $lang['wihladm2']; ?></a>
|
||||
</li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "reset.php" ? ' class="active expertelement">' : ' class="expertelement">'); ?>
|
||||
<a href="reset.php"><i class="fas fa-sync"></i> <?PHP echo $lang['wihladm3']; ?></a>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
<?PHP
|
||||
} ?>
|
||||
<li class="divider"></li>
|
||||
<?PHP echo '<li'.(basename($_SERVER['SCRIPT_NAME']) == "bot.php" ? ' class="active">' : '>'); ?>
|
||||
<a href="bot.php"><i class="fas fa-power-off"></i> <?PHP echo $lang['winav8']; ?></a>
|
||||
</li>
|
||||
<?PHP
|
||||
if(isset($botstatus)) {
|
||||
echo '<li class="divider"></li>';
|
||||
if($botstatus == 1) {
|
||||
echo '<li><div class="btn-group-justified alertbot alert-success" style="width:100%;"><i class="fas fa-check"></i> '.$lang['boton'].'</div></li>';
|
||||
} else {
|
||||
echo '<li><div class="btn-group-justified alertbot alert-info" style="width:100%;"><i class="fas fa-times"></i> '.$lang['botoff'].'</div></li>';
|
||||
}
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
</div>
|
||||
</nav>
|
||||
<?PHP
|
||||
if($cfg['webinterface_admin_client_unique_id_list'] == NULL && isset($_SESSION[$rspathhex.'username']) && $_SESSION[$rspathhex.'username'] == $cfg['webinterface_user'] && !isset($err_msg) && $cfg['webinterface_fresh_installation'] != 1) {
|
||||
$err_msg = $lang['winav11']; $err_lvl = 2;
|
||||
}
|
||||
|
||||
if(!isset($_SERVER['HTTPS']) && !isset($err_msg) || isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "on" && !isset($err_msg)) {
|
||||
$host = "<a href=\"https://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\')."\">";
|
||||
$err_msg = sprintf($lang['winav10'], $host,'</a>!<br>', '<br>'); $err_lvl = 2;
|
||||
}
|
||||
?>
|
||||
89
webinterface/_preload.php
Normal file
89
webinterface/_preload.php
Normal file
@@ -0,0 +1,89 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
$prot = 'https';
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
} else {
|
||||
$prot = 'http';
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
require_once('../other/phpcommand.php');
|
||||
|
||||
function enter_logfile($cfg,$loglevel,$logtext,$norotate = false) {
|
||||
if($loglevel > $cfg['logs_debug_level']) return;
|
||||
$file = $cfg['logs_path'].'ranksystem.log';
|
||||
switch ($loglevel) {
|
||||
case 1: $loglevel = " CRITICAL "; break;
|
||||
case 2: $loglevel = " ERROR "; break;
|
||||
case 3: $loglevel = " WARNING "; break;
|
||||
case 4: $loglevel = " NOTICE "; break;
|
||||
case 5: $loglevel = " INFO "; break;
|
||||
case 6: $loglevel = " DEBUG "; break;
|
||||
default:$loglevel = " NONE ";
|
||||
}
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ").$loglevel.$logtext."\n");
|
||||
fclose($loghandle);
|
||||
if($norotate == false && filesize($file) > ($cfg['logs_rotation_size'] * 1048576)) {
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Logfile filesie of 5 MiB reached.. Rotate logfile.\n");
|
||||
fclose($loghandle);
|
||||
$file2 = "$file.old";
|
||||
if(file_exists($file2)) unlink($file2);
|
||||
rename($file, $file2);
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Rotated logfile...\n");
|
||||
fclose($loghandle);
|
||||
}
|
||||
}
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
function error_handling($msg,$type = NULL) {
|
||||
switch ($type) {
|
||||
case NULL: echo '<div class="alert alert-success alert-dismissible">'; break;
|
||||
case 1: echo '<div class="alert alert-info alert-dismissible">'; break;
|
||||
case 2: echo '<div class="alert alert-warning alert-dismissible">'; break;
|
||||
case 3: echo '<div class="alert alert-danger alert-dismissible">'; break;
|
||||
}
|
||||
echo '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>',$msg,'</div>';
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
echo "logout";
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (basename($_SERVER['SCRIPT_NAME']) != "index.php" && basename($_SERVER['SCRIPT_NAME']) != "resetpassword.php" && (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip())) {
|
||||
header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
?>
|
||||
@@ -1,54 +1,10 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
require_once('../other/config.php');
|
||||
require_once('../other/load_addons_config.php');
|
||||
|
||||
$addons_config = load_addons_config($mysqlcon,$lang,$cfg,$dbname);
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
echo "logout";
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
$err_lvl = 3;
|
||||
@@ -140,12 +96,12 @@ if (isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']]) && isset($_
|
||||
$assign_groups_groupids = explode(',', $addons_config['assign_groups_groupids']['value']);
|
||||
foreach ($groupslist as $groupID => $groupParam) {
|
||||
if (in_array($groupID, $assign_groups_groupids)) $selected=" selected"; else $selected="";
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']; else $iconid="placeholder";
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']."."; else $iconid="placeholder.png";
|
||||
if ($groupParam['type'] == 0 || $groupParam['type'] == 2) $disabled=" disabled"; else $disabled="";
|
||||
if ($groupParam['type'] == 0) $grouptype=" [TEMPLATE GROUP]"; else $grouptype="";
|
||||
if ($groupParam['type'] == 2) $grouptype=" [QUERY GROUP]";
|
||||
if ($groupID != 0) {
|
||||
echo '<option data-content=" <img src=\'../tsicons/',$iconid,'.',$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$selected,$disabled,'></option>';
|
||||
echo '<option data-content=" <img src=\'../tsicons/',$iconid,$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$selected,$disabled,'></option>';
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -1,50 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
echo "logout";
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
@@ -89,6 +45,8 @@ if (isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
$allinsertdata = substr($allinsertdata, 0, -1);
|
||||
if($mysqlcon->exec("INSERT INTO `$dbname`.`admin_addtime` (`uuid`,`timestamp`,`timecount`) VALUES $allinsertdata;") === false) {
|
||||
$err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true); $err_lvl = 3;
|
||||
} elseif($mysqlcon->exec("UPDATE `$dbname`.`job_check` SET `timestamp`=1 WHERE `job_name`='reload_trigger'; ") === false) {
|
||||
$err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true); $err_lvl = 3;
|
||||
} else {
|
||||
$err_msg = substr($succmsg,0,-4); $err_lvl = NULL;
|
||||
}
|
||||
|
||||
@@ -1,50 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
echo "logout";
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
@@ -90,6 +46,8 @@ if (isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
$allinsertdata = substr($allinsertdata, 0, -1);
|
||||
if($mysqlcon->exec("INSERT INTO `$dbname`.`admin_addtime` (`uuid`,`timestamp`,`timecount`) VALUES $allinsertdata;") === false) {
|
||||
$err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true); $err_lvl = 3;
|
||||
} elseif($mysqlcon->exec("UPDATE `$dbname`.`job_check` SET `timestamp`=1 WHERE `job_name`='reload_trigger'; ") === false) {
|
||||
$err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true); $err_lvl = 3;
|
||||
} else {
|
||||
$err_msg = substr($succmsg,0,-4); $err_lvl = NULL;
|
||||
}
|
||||
|
||||
234
webinterface/api.php
Normal file
234
webinterface/api.php
Normal file
@@ -0,0 +1,234 @@
|
||||
<?PHP
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
$err_lvl = 3;
|
||||
}
|
||||
|
||||
if (($db_csrf = $mysqlcon->query("SELECT * FROM `$dbname`.`csrf_token` WHERE `sessionid`='".session_id()."'")->fetchALL(PDO::FETCH_UNIQUE|PDO::FETCH_ASSOC)) === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
$err_lvl = 3;
|
||||
}
|
||||
|
||||
if (isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
$stats_api_keys = $err_msg = "";
|
||||
|
||||
if (isset($_POST['apikey']) && isset($_POST['desc'])) {
|
||||
$apidefinition = [];
|
||||
foreach($_POST['apikey'] as $rowid => $apikey) {
|
||||
$desc = isset($_POST["desc"][$rowid]) ? $_POST["desc"][$rowid] : null;
|
||||
$apidefinition[] = "$apikey=>$desc";
|
||||
}
|
||||
|
||||
$stats_api_keys = implode(",", $apidefinition);
|
||||
|
||||
$cfg['stats_api_keys'] = $stats_api_keys;
|
||||
}
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('stats_api_keys','{$cfg['stats_api_keys']}') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`); DELETE FROM `$dbname`.`csrf_token` WHERE `token`='{$_POST['csrf_token']}'") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
$err_lvl = 3;
|
||||
} else {
|
||||
$err_msg = $lang['wisvsuc'];
|
||||
$err_lvl = NULL;
|
||||
}
|
||||
|
||||
if(empty($stats_api_keys)) {
|
||||
$cfg['stats_api_keys'] = NULL;
|
||||
} else {
|
||||
$keyarr = explode(',', $stats_api_keys);
|
||||
foreach ($keyarr as $entry) {
|
||||
list($key, $value) = explode('=>', $entry);
|
||||
$addnewvalue[$key] = $value;
|
||||
$cfg['stats_api_keys'] = $addnewvalue;
|
||||
}
|
||||
}
|
||||
} elseif(isset($_POST['update'])) {
|
||||
echo '<div class="alert alert-danger alert-dismissible">',$lang['errcsrf'],'</div>';
|
||||
rem_session_ts3($rspathhex);
|
||||
exit;
|
||||
}
|
||||
?>
|
||||
<div id="page-wrapper">
|
||||
<?PHP if(isset($err_msg)) error_handling($err_msg, $err_lvl); ?>
|
||||
<div class="container-fluid">
|
||||
|
||||
<form class="form-horizontal" data-toggle="validator" name="update" method="POST" id="new">
|
||||
<div class="row">
|
||||
<div class="col-lg-12">
|
||||
<h1 class="page-header">
|
||||
<span><?php echo $lang['api'],' ',$lang['wihlset']; ?></span>
|
||||
</h1>
|
||||
</div>
|
||||
</div>
|
||||
<input type="hidden" name="csrf_token" value="<?PHP echo $csrf_token; ?>">
|
||||
<div class="row">
|
||||
<div class="col-md-12">
|
||||
<div class="form-group">
|
||||
<label class="col-sm-12 pointer" data-toggle="modal" data-target="#wiapidesc"><?php echo $lang['wihladm0']; ?><i class="help-hover fas fa-question-circle"></i></label>
|
||||
<div class="panel-body">
|
||||
<div class="row"> </div>
|
||||
<div class="row"> </div>
|
||||
<div class="form-group">
|
||||
<div class="col-sm-5">
|
||||
<b><?php echo $lang['apikey'] ?></b>
|
||||
</div>
|
||||
<div class="col-sm-6">
|
||||
<b><?php echo $lang['descr']; ?></b>
|
||||
</div>
|
||||
<div class="col-sm-1"></div>
|
||||
</div>
|
||||
<div class="form-group hidden" name="template">
|
||||
<div class="col-sm-4">
|
||||
<input type="text" data-pattern="^[a-zA-Z0-9]{1,64}$" data-error="No special characters allowed and maximum 64 characters!" maxlength="64" class="form-control" name="tempapikey[]" value="<?PHP $apikey= bin2hex(openssl_random_pseudo_bytes(32)); echo $apikey; ?>">
|
||||
<div class="help-block with-errors"></div>
|
||||
</div>
|
||||
<div class="col-sm-1 text-left"></div>
|
||||
<div class="col-sm-6">
|
||||
<input type="text" data-pattern="^[^,=>]{1,128}$" data-error="No comma, equal sign or greater-than sign allowed and maximum 128 characters!" maxlength="128" class="form-control" name="tempdesc[]" value="" placeholder="set a description..">
|
||||
<div class="help-block with-errors"></div>
|
||||
</div>
|
||||
<div class="col-sm-1 text-center delete" name="delete"><i class="fas fa-trash" style="margin-top:10px;cursor:pointer;" title="delete line"></i></div>
|
||||
<div class="col-sm-2"></div>
|
||||
</div>
|
||||
<?PHP
|
||||
foreach($cfg['stats_api_keys'] as $apikey => $desc) {
|
||||
?>
|
||||
<div class="form-group" name="apidef">
|
||||
<div class="col-sm-4">
|
||||
<input type="text" data-pattern="^[a-zA-Z0-9]{1,64}$" data-error="No special characters allowed and maximum 64 characters!" maxlength="64" class="form-control" name="apikey[]" value="<?PHP echo $apikey; ?>">
|
||||
<div class="help-block with-errors"></div>
|
||||
</div>
|
||||
<div class="col-sm-1 text-left">
|
||||
<i class="fas fa-link" onclick="openurl('../api/?apikey=<?PHP echo $apikey; ?>')" style="margin-top:10px;cursor:pointer;" title="open URL"></i>
|
||||
<i class="fas fa-copy" onclick="copyurl('<?PHP echo $_SERVER['SERVER_NAME'],substr(dirname($_SERVER['SCRIPT_NAME']),0,-12),'api/?apikey=',$apikey; ?>')" style="margin-top:10px;cursor:pointer;" title="copy URL to clipboard"></i>
|
||||
</div>
|
||||
<div class="col-sm-6">
|
||||
<input type="text" data-pattern="^[^,=>]{1,128}$" data-error="No comma, equal sign or greater-than sign allowed and maximum 128 characters!" maxlength="128" class="form-control" name="desc[]" value="<?PHP echo $desc; ?>" placeholder="set a description..">
|
||||
<div class="help-block with-errors"></div>
|
||||
</div>
|
||||
<div class="col-sm-1 text-center delete" name="delete"><i class="fas fa-trash" style="margin-top:10px;cursor:pointer;" title="delete line"></i></div>
|
||||
<div class="col-sm-2"></div>
|
||||
</div>
|
||||
<?PHP
|
||||
}
|
||||
?>
|
||||
<div class="form-group" id="addapikey">
|
||||
<?PHP
|
||||
if(!isset($cfg['stats_api_keys'])) {
|
||||
echo '<div class="col-sm-11"><div id="noentry"><i>',$lang['wiboostempty'],'</i></div></div>';
|
||||
} else {
|
||||
echo '<div class="col-sm-11"></div>';
|
||||
}?>
|
||||
<div class="col-sm-1 text-center">
|
||||
<span class="d-inline-block" ata-toggle="tooltip" title="Add new line">
|
||||
<button class="btn btn-primary" onclick="addapikey()" style="margin-top: 5px;" type="button"><i class="fas fa-plus"></i></button>
|
||||
</span>
|
||||
</div>
|
||||
<div class="col-sm-2"></div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row"> </div>
|
||||
<div class="row">
|
||||
<div class="text-center">
|
||||
<button type="submit" class="btn btn-primary" name="update"><i class="fas fa-save"></i> <?php echo $lang['wisvconf']; ?></button>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row"> </div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="modal fade" id="wiapidesc" tabindex="-1">
|
||||
<div class="modal-dialog">
|
||||
<div class="modal-content">
|
||||
<div class="modal-header">
|
||||
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
|
||||
<h4 class="modal-title"><?php echo $lang['api']; ?></h4>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<?php
|
||||
$host = "<a href=\"//".$_SERVER['HTTP_HOST'].substr(rtrim(dirname($_SERVER['PHP_SELF']), '/\\'),0,-12)."api\" target=\"_blank\">".$_SERVER['HTTP_HOST'].substr(rtrim(dirname($_SERVER['PHP_SELF']), '/\\'),0,-12)."api</a>";
|
||||
echo sprintf($lang['wiapidesc'], $host); ?>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-default" data-dismiss="modal"><?PHP echo $lang['stnv0002']; ?></button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<script>
|
||||
$('form[data-toggle="validator"]').validator({
|
||||
custom: {
|
||||
pattern: function ($el) {
|
||||
var pattern = new RegExp($el.data('pattern'));
|
||||
return pattern.test($el.val());
|
||||
}
|
||||
},
|
||||
delay: 100,
|
||||
errors: {
|
||||
pattern: "There should be an error in your value, please check all could be right!"
|
||||
}
|
||||
});
|
||||
function addapikey() {
|
||||
var $clone = $("div[name='template']").last().clone();
|
||||
$clone.removeClass("hidden");
|
||||
$clone.attr('name','apidef');
|
||||
$clone.insertBefore("#addapikey");
|
||||
$("input[name='tempapikey[]']").last().attr('name', 'apikey[]');
|
||||
$("input[name='tempdesc[]']").last().attr('name', 'desc[]');
|
||||
$('.delete').removeClass("hidden");
|
||||
if (document.contains(document.getElementById("noentry"))) {
|
||||
document.getElementById("noentry").remove();
|
||||
}
|
||||
|
||||
var newapikey = {
|
||||
_pattern : /[a-z0-9]/,
|
||||
_getRandomByte : function() {
|
||||
if(window.crypto && window.crypto.getRandomValues) {
|
||||
var result = new Uint8Array(1);
|
||||
window.crypto.getRandomValues(result);
|
||||
return result[0];
|
||||
} else if(window.msCrypto && window.msCrypto.getRandomValues) {
|
||||
var result = new Uint8Array(1);
|
||||
window.msCrypto.getRandomValues(result);
|
||||
return result[0];
|
||||
} else {
|
||||
return Math.floor(Math.random() * 256);
|
||||
}
|
||||
},
|
||||
|
||||
generate : function(length) {
|
||||
return Array.apply(null, {'length': length})
|
||||
.map(function() {
|
||||
var result;
|
||||
while(true) {
|
||||
result = String.fromCharCode(this._getRandomByte());
|
||||
if(this._pattern.test(result)) {
|
||||
return result;
|
||||
}
|
||||
}
|
||||
}, this)
|
||||
.join('');
|
||||
}
|
||||
};
|
||||
$("input[name='apikey[]']").last().attr('value', newapikey.generate(64));
|
||||
};
|
||||
$(document).on("click", ".delete", function(){
|
||||
$(this).parent().remove();
|
||||
});
|
||||
function openurl(url) {
|
||||
window.open(url,'_blank');
|
||||
}
|
||||
function copyurl(url) {
|
||||
navigator.clipboard.writeText(url).then(function() { });
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
@@ -223,12 +180,12 @@ if (isset($_POST['update_old']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
<select class="selectpicker show-tick form-control" data-live-search="true" name="tempboostgroup[]">
|
||||
<?PHP
|
||||
foreach ($groupslist as $groupID => $groupParam) {
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']; else $iconid="placeholder";
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']."."; else $iconid="placeholder.png";
|
||||
if($groupParam['type'] == 0 || $groupParam['type'] == 2) $disabled=" disabled"; else $disabled="";
|
||||
if($groupParam['type'] == 0) $grouptype=" [TEMPLATE GROUP]"; else $grouptype="";
|
||||
if($groupParam['type'] == 2) $grouptype=" [QUERY GROUP]";
|
||||
if ($groupID != 0) {
|
||||
echo '<option data-content="<img src=\'../tsicons/',$iconid,'.',$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$disabled,'></option>';
|
||||
echo '<option data-content="<img src=\'../tsicons/',$iconid,$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$disabled,'></option>';
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -241,7 +198,7 @@ if (isset($_POST['update_old']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
<div class="col-sm-3">
|
||||
<input type="text" class="form-control boostduration" name="tempboostduration[]" value="600">
|
||||
</div>
|
||||
<div class="col-sm-1 text-center delete" name="delete"><i class="fas fa-trash" style="margin-top:10px;cursor:pointer;"></i></div>
|
||||
<div class="col-sm-1 text-center delete" name="delete"><i class="fas fa-trash" style="margin-top:10px;cursor:pointer;" title="delete line"></i></div>
|
||||
<div class="col-sm-2"></div>
|
||||
</div>
|
||||
<?PHP
|
||||
@@ -254,12 +211,12 @@ if (isset($_POST['update_old']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
<?PHP
|
||||
foreach ($groupslist as $groupID => $groupParam) {
|
||||
if ($groupID == $boost['group']) $selected=" selected"; else $selected="";
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']; else $iconid="placeholder";
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']."."; else $iconid="placeholder.png";
|
||||
if ($groupParam['type'] == 0 || $groupParam['type'] == 2) $disabled=" disabled"; else $disabled="";
|
||||
if ($groupParam['type'] == 0) $grouptype=" [TEMPLATE GROUP]"; else $grouptype="";
|
||||
if ($groupParam['type'] == 2) $grouptype=" [QUERY GROUP]";
|
||||
if ($groupID != 0) {
|
||||
echo '<option data-content="<img src=\'../tsicons/',$iconid,'.',$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$selected,$disabled,'></option>';
|
||||
echo '<option data-content="<img src=\'../tsicons/',$iconid,$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$selected,$disabled,'></option>';
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -272,7 +229,7 @@ if (isset($_POST['update_old']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
<div class="col-sm-3">
|
||||
<input type="text" class="form-control boostduration" name="boostduration[]" value="<?PHP echo $boost['time']; ?>">
|
||||
</div>
|
||||
<div class="col-sm-1 text-center delete" name="delete"><i class="fas fa-trash" style="margin-top:10px;cursor:pointer;"></i></div>
|
||||
<div class="col-sm-1 text-center delete" name="delete"><i class="fas fa-trash" style="margin-top:10px;cursor:pointer;" title="delete line"></i></div>
|
||||
<div class="col-sm-2"></div>
|
||||
</div>
|
||||
<?PHP
|
||||
@@ -288,7 +245,7 @@ if (isset($_POST['update_old']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
}?>
|
||||
<div class="col-sm-1 text-center">
|
||||
<span class="d-inline-block" ata-toggle="tooltip" title="Add new line">
|
||||
<button class="btn btn-primary" style="margin-top: 5px;" type="button"><i class="fas fa-plus"></i></button>
|
||||
<button class="btn btn-primary" onclick="addboostgroup()" style="margin-top: 5px;" type="button"><i class="fas fa-plus"></i></button>
|
||||
</span>
|
||||
</div>
|
||||
<div class="col-sm-2"></div>
|
||||
@@ -416,7 +373,7 @@ $(".boostfactor").TouchSpin({
|
||||
verticalbuttons: true,
|
||||
prefix: '<i class="fas fa-times"></i>:'
|
||||
});
|
||||
$("#addboostgroup").click(function(){
|
||||
function addboostgroup() {
|
||||
var $clone = $("div[name='template']").last().clone();
|
||||
$clone.removeClass("hidden");
|
||||
$clone.attr('name','boostgroup');
|
||||
@@ -431,9 +388,9 @@ $("#addboostgroup").click(function(){
|
||||
document.getElementById("noentry").remove();
|
||||
}
|
||||
$clone.find('.bootstrap-touchspin').replaceWith(function() { return $('input', this); });;
|
||||
$clone.find('.boostfactor').TouchSpin({min: 0,max: 999999999,decimals: 9,step: 0.000000001,verticalbuttons: true,prefix: '×:'});
|
||||
$clone.find('.boostfactor').TouchSpin({min: 0,max: 999999999,decimals: 9,step: 0.000000001,verticalbuttons: true,prefix: '<i class="fas fa-times"></i>:'});
|
||||
$clone.find('.boostduration').TouchSpin({min: 1,max: 999999999,verticalbuttons: true,prefix: 'Sec.:'});
|
||||
});
|
||||
};
|
||||
$(document).on("click", ".delete", function(){
|
||||
$(this).parent().remove();
|
||||
});
|
||||
|
||||
@@ -1,36 +1,5 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
require_once('../other/phpcommand.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
require_once('_preload.php');
|
||||
|
||||
function getlog($cfg,$number_lines,$filters,$filter2,$inactivefilter = NULL) {
|
||||
$lines=array();
|
||||
@@ -162,21 +131,7 @@ if (!isset($_SESSION[$rspathhex.'logfilter'])) {
|
||||
|
||||
$filters = explode(',', ($_SESSION[$rspathhex.'logfilter'].'NONE'));
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
echo "logout";
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
|
||||
@@ -1,82 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
require_once('../other/phpcommand.php');
|
||||
|
||||
function enter_logfile($cfg,$loglevel,$logtext,$norotate = false) {
|
||||
if($loglevel > $cfg['logs_debug_level']) return;
|
||||
$file = $cfg['logs_path'].'ranksystem.log';
|
||||
if ($loglevel == 1) {
|
||||
$loglevel = " CRITICAL ";
|
||||
} elseif ($loglevel == 2) {
|
||||
$loglevel = " ERROR ";
|
||||
} elseif ($loglevel == 3) {
|
||||
$loglevel = " WARNING ";
|
||||
} elseif ($loglevel == 4) {
|
||||
$loglevel = " NOTICE ";
|
||||
} elseif ($loglevel == 5) {
|
||||
$loglevel = " INFO ";
|
||||
} elseif ($loglevel == 6) {
|
||||
$loglevel = " DEBUG ";
|
||||
}
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ").$loglevel.$logtext."\n");
|
||||
fclose($loghandle);
|
||||
if($norotate == false && filesize($file) > ($cfg['logs_rotation_size'] * 1048576)) {
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Logfile filesie of 5 MiB reached.. Rotate logfile.\n");
|
||||
fclose($loghandle);
|
||||
$file2 = "$file.old";
|
||||
if(file_exists($file2)) unlink($file2);
|
||||
rename($file, $file2);
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Rotated logfile...\n");
|
||||
fclose($loghandle);
|
||||
}
|
||||
}
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
@@ -150,12 +107,12 @@ if (isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
<?PHP
|
||||
foreach ($groupslist as $groupID => $groupParam) {
|
||||
if ($cfg['rankup_excepted_group_id_list'] != NULL && array_key_exists($groupID, $cfg['rankup_excepted_group_id_list'])) $selected=" selected"; else $selected="";
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']; else $iconid="placeholder";
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']."."; else $iconid="placeholder.png";
|
||||
if ($groupParam['type'] == 0) $disabled=" disabled"; else $disabled="";
|
||||
if ($groupParam['type'] == 0) $grouptype=" [TEMPLATE GROUP]"; else $grouptype="";
|
||||
if ($groupParam['type'] == 2) $grouptype=" [QUERY GROUP]";
|
||||
if ($groupID != 0) {
|
||||
echo '<option data-content=" <img src=\'../tsicons/',$iconid,'.',$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$selected,$disabled,'></option>';
|
||||
echo '<option data-content=" <img src=\'../tsicons/',$iconid,$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$selected,$disabled,'></option>';
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -1,56 +1,45 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
require_once('../other/phpcommand.php');
|
||||
require_once('_preload.php');
|
||||
|
||||
if(!class_exists('PDO')) {
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP PDO','//php.net/manual/en/book.pdo.php'); $err_lvl = 3; $dis_login = 1;
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP PDO','//php.net/manual/en/book.pdo.php',get_cfg_var('cfg_file_path')); $err_lvl = 3; $dis_login = 1;
|
||||
}
|
||||
if(version_compare(phpversion(), '5.5.0', '<')) {
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr4'],phpversion()); $err_lvl = 3; $dis_login = 1;
|
||||
}
|
||||
if(!function_exists('simplexml_load_file')) {
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP SimpleXML','//php.net/manual/en/book.simplexml.php'); $err_lvl = 3; $dis_login = 1;
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP SimpleXML','//php.net/manual/en/book.simplexml.php',get_cfg_var('cfg_file_path')); $err_lvl = 3; $dis_login = 1;
|
||||
}
|
||||
if(!in_array('curl', get_loaded_extensions())) {
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP cURL','//php.net/manual/en/book.curl.php'); $err_lvl = 3; $dis_login = 1;
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP cURL','//php.net/manual/en/book.curl.php',get_cfg_var('cfg_file_path')); $err_lvl = 3; $dis_login = 1;
|
||||
}
|
||||
if(!in_array('zip', get_loaded_extensions())) {
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP Zip','//php.net/manual/en/book.zip.php'); $err_lvl = 3; $dis_login = 1;
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP Zip','//php.net/manual/en/book.zip.php',get_cfg_var('cfg_file_path')); $err_lvl = 3; $dis_login = 1;
|
||||
}
|
||||
if(!in_array('mbstring', get_loaded_extensions())) {
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP mbstring','//php.net/manual/en/book.mbstring.php'); $err_lvl = 3; $dis_login = 1;
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP mbstring','//php.net/manual/en/book.mbstring.php',get_cfg_var('cfg_file_path')); $err_lvl = 3; $dis_login = 1;
|
||||
}
|
||||
if(!in_array('openssl', get_loaded_extensions())) {
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP OpenSSL','//php.net/manual/en/book.openssl.php',get_cfg_var('cfg_file_path')); $err_lvl = 3; $dis_login = 1;
|
||||
}
|
||||
if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
|
||||
if(!in_array('com_dotnet', get_loaded_extensions())) {
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP COM extension (php_com_dotnet.dll)','//php.net/manual/en/book.com.php'); $err_lvl = 3; $dis_login = 1;
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr2'],'PHP COM extension (php_com_dotnet.dll)','//php.net/manual/en/book.com.php',get_cfg_var('cfg_file_path')); $err_lvl = 3; $dis_login = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if(file_exists($cfg['logs_path'].'ranksystem.log') && !is_writable($cfg['logs_path'].'ranksystem.log')) {
|
||||
$err_msg = sprintf($lang['chkfileperm'], '<pre>chown -R www-data:www-data '.$cfg['logs_path'].'</pre><br>', '<pre>chmod 640 '.$cfg['logs_path'].'ranksystem.log</pre><br><br>', '<pre>'.$cfg['logs_path'].'ranksystem.log</pre>');
|
||||
$err_lvl = 3; $dis_login = 1;
|
||||
$err_msg = sprintf($lang['chkfileperm'], '<pre>chown -R www-data:www-data '.$cfg['logs_path'].'</pre><br>', '<pre>chmod 740 '.$cfg['logs_path'].'ranksystem.log</pre><br><br>', '<pre>'.$cfg['logs_path'].'ranksystem.log</pre>');
|
||||
$err_lvl = 3; $dis_login = 0;
|
||||
}
|
||||
|
||||
if(!is_writable($cfg['logs_path'])) {
|
||||
$err_msg = sprintf($lang['chkfileperm'], '<pre>chown -R www-data:www-data '.$cfg['logs_path'].'</pre><br>', '<pre>chmod 740 '.$cfg['logs_path'].'</pre><br><br>', '<pre>'.$cfg['logs_path'].'</pre>');
|
||||
$err_lvl = 3; $dis_login = 1;
|
||||
$err_lvl = 3; $dis_login = 0;
|
||||
}
|
||||
|
||||
if(!function_exists('exec')) {
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr3'],'exec','//php.net/manual/en/book.exec.php'); $err_lvl = 3; $dis_login = 1;
|
||||
unset($err_msg); $err_msg = sprintf($lang['insterr3'],'exec','//php.net/manual/en/book.exec.php',get_cfg_var('cfg_file_path')); $err_lvl = 3; $dis_login = 1;
|
||||
} else {
|
||||
exec("$phpcommand -v", $phpversioncheck);
|
||||
$output = '';
|
||||
@@ -70,55 +59,6 @@ if(!function_exists('exec')) {
|
||||
}
|
||||
}
|
||||
|
||||
function enter_logfile($cfg,$loglevel,$logtext,$norotate = false) {
|
||||
if($loglevel > $cfg['logs_debug_level']) return;
|
||||
$file = $cfg['logs_path'].'ranksystem.log';
|
||||
if ($loglevel == 1) {
|
||||
$loglevel = " CRITICAL ";
|
||||
} elseif ($loglevel == 2) {
|
||||
$loglevel = " ERROR ";
|
||||
} elseif ($loglevel == 3) {
|
||||
$loglevel = " WARNING ";
|
||||
} elseif ($loglevel == 4) {
|
||||
$loglevel = " NOTICE ";
|
||||
} elseif ($loglevel == 5) {
|
||||
$loglevel = " INFO ";
|
||||
} elseif ($loglevel == 6) {
|
||||
$loglevel = " DEBUG ";
|
||||
}
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ").$loglevel.$logtext."\n");
|
||||
fclose($loghandle);
|
||||
if($norotate == false && filesize($file) > ($cfg['logs_rotation_size'] * 1048576)) {
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Logfile filesie of 5 MiB reached.. Rotate logfile.\n");
|
||||
fclose($loghandle);
|
||||
$file2 = "$file.old";
|
||||
if(file_exists($file2)) unlink($file2);
|
||||
rename($file, $file2);
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Rotated logfile...\n");
|
||||
fclose($loghandle);
|
||||
}
|
||||
}
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if(($cfg['webinterface_access_last'] + 1) >= time()) {
|
||||
$waittime = $cfg['webinterface_access_last'] + 2 - time();
|
||||
$err_msg = sprintf($lang['errlogin2'],$waittime);
|
||||
@@ -136,7 +76,7 @@ if(($cfg['webinterface_access_last'] + 1) >= time()) {
|
||||
$_SESSION[$rspathhex.'newversion'] = $cfg['version_latest_available'];
|
||||
enter_logfile($cfg,6,sprintf($lang['brute2'], getclientip()));
|
||||
if($mysqlcon->exec("INSERT INTO `$dbname`.`cfg_params` (`param`,`value`) VALUES ('webinterface_access_count','0') ON DUPLICATE KEY UPDATE `value`=VALUES(`value`)") === false) { }
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\')."/bot.php");
|
||||
header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\')."/bot.php");
|
||||
exit;
|
||||
} elseif(isset($_POST['username'])) {
|
||||
$nowtime = time();
|
||||
@@ -148,11 +88,11 @@ if(($cfg['webinterface_access_last'] + 1) >= time()) {
|
||||
}
|
||||
|
||||
if(isset($_SESSION[$rspathhex.'username']) && $_SESSION[$rspathhex.'username'] == $cfg['webinterface_user'] && $_SESSION[$rspathhex.'password'] == $cfg['webinterface_pass']) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\')."/bot.php");
|
||||
header("Location: $prot://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\')."/bot.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
require_once('_nav.php');
|
||||
?>
|
||||
<div id="page-wrapper">
|
||||
<?PHP if(isset($err_msg)) error_handling($err_msg, $err_lvl); ?>
|
||||
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
@@ -223,18 +180,18 @@ if (isset($_POST['update_old']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
<?PHP
|
||||
foreach ($groupslist as $groupID => $groupParam) {
|
||||
if ($groupID == $sgroup) $selected=" selected"; else $selected="";
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']; else $iconid="placeholder";
|
||||
if (isset($groupParam['iconid']) && $groupParam['iconid'] != 0) $iconid=$groupParam['iconid']."."; else $iconid="placeholder.png";
|
||||
if ($groupParam['type'] == 0 || $groupParam['type'] == 2) $disabled=" disabled"; else $disabled="";
|
||||
if ($groupParam['type'] == 0) $grouptype=" [TEMPLATE GROUP]"; else $grouptype="";
|
||||
if ($groupParam['type'] == 2) $grouptype=" [QUERY GROUP]";
|
||||
if ($groupID != 0) {
|
||||
echo '<option data-content="<img src=\'../tsicons/',$iconid,'.',$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$selected,$disabled,'></option>';
|
||||
echo '<option data-content="<img src=\'../tsicons/',$iconid,$groupParam['ext'],'\' width=\'16\' height=\'16\'> ',$groupParam['sgidname'],' <span class=\'text-muted small\'>SGID: ',$groupID,$grouptype,'</span>" value="',$groupID,'"',$selected,$disabled,'></option>';
|
||||
}
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
</div>
|
||||
<div class="col-sm-1 text-center delete" name="delete"><i class="fas fa-trash" style="margin-top:10px;cursor:pointer;"></i></div>
|
||||
<div class="col-sm-1 text-center delete" name="delete"><i class="fas fa-trash" style="margin-top:10px;cursor:pointer;" title="delete line"></i></div>
|
||||
<div class="col-sm-2"></div>
|
||||
</div>
|
||||
<?PHP
|
||||
@@ -244,7 +201,7 @@ if (isset($_POST['update_old']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
<div class="col-sm-9"></div>
|
||||
<div class="col-sm-1 text-center">
|
||||
<span class="d-inline-block" ata-toggle="tooltip" title="Add new line">
|
||||
<button class="btn btn-primary" style="margin-top: 5px;" type="button"><i class="fas fa-plus"></i></button>
|
||||
<button class="btn btn-primary" onclick="addrankupgroup()" style="margin-top: 5px;" type="button"><i class="fas fa-plus"></i></button>
|
||||
</span>
|
||||
</div>
|
||||
<div class="col-sm-2"></div>
|
||||
@@ -356,16 +313,16 @@ $(".rankuptime").TouchSpin({
|
||||
verticalbuttons: true,
|
||||
prefix: 'Sec.:'
|
||||
});
|
||||
$("#addrankupgroup").click(function(){
|
||||
function addrankupgroup() {
|
||||
var $clone = $("div[name='rankupgroup']").last().clone();
|
||||
$clone.insertBefore("#addrankupgroup");
|
||||
$clone.find('.bootstrap-select').replaceWith(function() { return $('select', this); });
|
||||
$clone.find('select').selectpicker('val', '');
|
||||
$clone.find('.bootstrap-touchspin').replaceWith(function() { return $('input', this); });;
|
||||
$clone.find('input').TouchSpin({min: 0,max: 999999999,verticalbuttons: true,prefix: 'Sec.:'});
|
||||
$clone.find('input').trigger("touchspin.uponce");
|
||||
$("input[name='rankuptime[]']").last().TouchSpin({min: 0,max: 999999999,verticalbuttons: true,prefix: 'Sec.:'});
|
||||
$("input[name='rankuptime[]']").last().trigger("touchspin.uponce");
|
||||
$('.delete').removeClass("hidden");
|
||||
});
|
||||
};
|
||||
$(document).on("click", ".delete", function(){
|
||||
var $number = $('.delete').length;
|
||||
if($number == 1) {
|
||||
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
|
||||
@@ -1,50 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
echo "logout";
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true);
|
||||
|
||||
@@ -1,76 +1,11 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
require_once('../other/phpcommand.php');
|
||||
|
||||
function enter_logfile($cfg,$loglevel,$logtext,$norotate = false) {
|
||||
if($loglevel > $cfg['logs_debug_level']) return;
|
||||
$file = $cfg['logs_path'].'ranksystem.log';
|
||||
if ($loglevel == 1) {
|
||||
$loglevel = " CRITICAL ";
|
||||
} elseif ($loglevel == 2) {
|
||||
$loglevel = " ERROR ";
|
||||
} elseif ($loglevel == 3) {
|
||||
$loglevel = " WARNING ";
|
||||
} elseif ($loglevel == 4) {
|
||||
$loglevel = " NOTICE ";
|
||||
} elseif ($loglevel == 5) {
|
||||
$loglevel = " INFO ";
|
||||
} elseif ($loglevel == 6) {
|
||||
$loglevel = " DEBUG ";
|
||||
}
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ").$loglevel.$logtext."\n");
|
||||
fclose($loghandle);
|
||||
if($norotate == false && filesize($file) > ($cfg['logs_rotation_size'] * 1048576)) {
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Logfile filesie of 5 MiB reached.. Rotate logfile.\n");
|
||||
fclose($loghandle);
|
||||
$file2 = "$file.old";
|
||||
if(file_exists($file2)) unlink($file2);
|
||||
rename($file, $file2);
|
||||
$loghandle = fopen($file, 'a');
|
||||
fwrite($loghandle, DateTime::createFromFormat('U.u', number_format(microtime(true), 6, '.', ''))->setTimeZone(new DateTimeZone($cfg['logs_timezone']))->format("Y-m-d H:i:s.u ")." NOTICE Rotated logfile...\n");
|
||||
fclose($loghandle);
|
||||
}
|
||||
}
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($last_access = $mysqlcon->query("SELECT * FROM `$dbname`.`cfg_params` WHERE `param` IN ('webinterface_access_last','webinterface_access_count')")->fetchAll(PDO::FETCH_KEY_PAIR) === false) {
|
||||
$err_msg .= print_r($mysqlcon->errorInfo(), true);
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
$err_lvl = 3;
|
||||
@@ -86,7 +21,7 @@ if (($last_access['webinterface_access_last'] + 1) >= time()) {
|
||||
$err_msg = sprintf($lang['errlogin2'],$again);
|
||||
$err_lvl = 3;
|
||||
} elseif (isset($_POST['resetpw']) && isset($db_csrf[$_POST['csrf_token']]) && ($cfg['webinterface_admin_client_unique_id_list']==NULL || count($cfg['webinterface_admin_client_unique_id_list']) == 0)) {
|
||||
$err_msg = $lang['wirtpw1']; $err_lvl=3;
|
||||
$err_msg = sprintf($lang['wirtpw1'], '<a href="https://github.com/Newcomer1989/TSN-Ranksystem/wiki/FAQ#reset-password-webinterface" target="_blank">https://github.com/Newcomer1989/TSN-Ranksystem/wiki/FAQ#reset-password-webinterface</a>'); $err_lvl=3;
|
||||
} elseif (isset($_POST['resetpw']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
$nowtime = time();
|
||||
$newcount = $last_access['webinterface_access_count'] + 1;
|
||||
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
|
||||
@@ -1,49 +1,6 @@
|
||||
<?PHP
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
if(in_array('sha512', hash_algos())) {
|
||||
ini_set('session.hash_function', 'sha512');
|
||||
}
|
||||
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if(!headers_sent()) {
|
||||
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
|
||||
}
|
||||
}
|
||||
session_start();
|
||||
|
||||
require_once('../other/config.php');
|
||||
|
||||
function getclientip() {
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']))
|
||||
return $_SERVER['HTTP_CLIENT_IP'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
|
||||
return $_SERVER['HTTP_X_FORWARDED'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
|
||||
return $_SERVER['HTTP_FORWARDED_FOR'];
|
||||
elseif(!empty($_SERVER['HTTP_FORWARDED']))
|
||||
return $_SERVER['HTTP_FORWARDED'];
|
||||
elseif(!empty($_SERVER['REMOTE_ADDR']))
|
||||
return $_SERVER['REMOTE_ADDR'];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_POST['logout'])) {
|
||||
rem_session_ts3($rspathhex);
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
|
||||
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once('nav.php');
|
||||
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
require_once('_preload.php');
|
||||
require_once('_nav.php');
|
||||
|
||||
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
|
||||
$err_msg = print_r($mysqlcon->errorInfo(), true);
|
||||
@@ -69,9 +26,9 @@ if (isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) {
|
||||
$cfg['teamspeak_query_port'] = $_POST['teamspeak_query_port'];
|
||||
if (isset($_POST['teamspeak_query_encrypt_switch'])) $cfg['teamspeak_query_encrypt_switch'] = 1; else $cfg['teamspeak_query_encrypt_switch'] = 0;
|
||||
$cfg['teamspeak_voice_port'] = $_POST['teamspeak_voice_port'];
|
||||
$cfg['teamspeak_query_user'] = $_POST['teamspeak_query_user'];
|
||||
$cfg['teamspeak_query_pass'] = $_POST['teamspeak_query_pass'];
|
||||
$cfg['teamspeak_query_nickname'] = $_POST['teamspeak_query_nickname'];
|
||||
$cfg['teamspeak_query_user'] = htmlspecialchars($_POST['teamspeak_query_user'], ENT_QUOTES);
|
||||
$cfg['teamspeak_query_pass'] = htmlspecialchars($_POST['teamspeak_query_pass'], ENT_QUOTES);
|
||||
$cfg['teamspeak_query_nickname'] = htmlspecialchars($_POST['teamspeak_query_nickname'], ENT_QUOTES);
|
||||
$cfg['teamspeak_default_channel_id'] = $_POST['teamspeak_default_channel_id'];
|
||||
$cfg['teamspeak_query_command_delay'] = $_POST['teamspeak_query_command_delay'];
|
||||
$cfg['teamspeak_avatar_download_delay']= $_POST['teamspeak_avatar_download_delay'];
|
||||
|
||||
Reference in New Issue
Block a user