arriej/TSN-Ranksystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

release 1.3.9

Browse Source
This commit is contained in:
Newcomer1989
2020-08-03 13:02:27 +02:00
parent 2336177eca
commit d196dfb1f6
62 changed files with 3731 additions and 4211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
webinterface/admin_addtime.php
View File

@@ -1,50 +1,6 @@
<?PHP
ini_set('session.cookie_httponly', 1);
ini_set('session.use_strict_mode', 1);
if(in_array('sha512', hash_algos())) {
ini_set('session.hash_function', 'sha512');
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();
require_once('../other/config.php');
function getclientip() {
if (!empty($_SERVER['HTTP_CLIENT_IP']))
return $_SERVER['HTTP_CLIENT_IP'];
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
return $_SERVER['HTTP_X_FORWARDED_FOR'];
elseif(!empty($_SERVER['HTTP_X_FORWARDED']))
return $_SERVER['HTTP_X_FORWARDED'];
elseif(!empty($_SERVER['HTTP_FORWARDED_FOR']))
return $_SERVER['HTTP_FORWARDED_FOR'];
elseif(!empty($_SERVER['HTTP_FORWARDED']))
return $_SERVER['HTTP_FORWARDED'];
elseif(!empty($_SERVER['REMOTE_ADDR']))
return $_SERVER['REMOTE_ADDR'];
else
return false;
}
if (isset($_POST['logout'])) {
echo "logout";
rem_session_ts3($rspathhex);
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
exit;
}
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
exit;
}
require_once('nav.php');
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
require_once('_preload.php');
require_once('_nav.php');
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
$err_msg = print_r($mysqlcon->errorInfo(), true);
@@ -89,6 +45,8 @@ if (isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) {
$allinsertdata = substr($allinsertdata, 0, -1);
if($mysqlcon->exec("INSERT INTO `$dbname`.`admin_addtime` (`uuid`,`timestamp`,`timecount`) VALUES $allinsertdata;") === false) {
$err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true); $err_lvl = 3;
} elseif($mysqlcon->exec("UPDATE `$dbname`.`job_check` SET `timestamp`=1 WHERE `job_name`='reload_trigger'; ") === false) {
$err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true); $err_lvl = 3;
} else {
$err_msg = substr($succmsg,0,-4); $err_lvl = NULL;
}