TSN-Ranksystem/webinterface/addon_assign_groups.php
Newcomer1989 46c5f0a6ce release 1.3.0
2019-06-11 13:04:44 +02:00


<?PHP
// Session hardening; every ini_set() below has to run before session_start().
// HttpOnly hides the session cookie from page scripts.
ini_set('session.cookie_httponly', 1);
// Strict mode makes PHP refuse session IDs it did not issue itself.
ini_set('session.use_strict_mode', 1);
// NOTE(review): session.hash_function was removed in PHP 7.1, so this call has
// no effect on newer runtimes.
if (in_array('sha512', hash_algos(), true)) {
    ini_set('session.hash_function', 'sha512');
}
// Mark the cookie Secure and announce HSTS only when PHP itself sees HTTPS.
// NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be unset,
// in which case neither protection is applied - confirm for such deployments.
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    ini_set('session.cookie_secure', 1);
    if (!headers_sent()) {
        header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;');
    }
}
session_start();

// $mysqlcon, $lang, $cfg and $dbname are presumably provided by config.php -
// verify there; they are not defined in this file.
require_once '../other/config.php';
require_once '../other/load_addons_config.php';
$addons_config = load_addons_config($mysqlcon, $lang, $cfg, $dbname);
/**
 * Returns the first non-empty address candidate found in $_SERVER, or false
 * when none of the inspected keys is set.
 *
 * Lookup order: HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED,
 * HTTP_FORWARDED_FOR, HTTP_FORWARDED, REMOTE_ADDR. The value is returned
 * exactly as found, without parsing or validation.
 *
 * NOTE(review): every HTTP_* entry is copied from a request header and can be
 * set by the client; only REMOTE_ADDR comes from the connection itself. This
 * page compares the result with the address stored in the session, so the
 * binding is only as strong as the header that wins here. Restricting the
 * forwarded headers to requests from known proxies would have to be done
 * together with the code that stores the session value.
 *
 * @return string|false
 */
function getclientip() {
    $lookup_order = [
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    ];
    foreach ($lookup_order as $server_key) {
        if (!empty($_SERVER[$server_key])) {
            return $_SERVER[$server_key];
        }
    }
    return false;
}
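// Logout: drop the session and send the browser back to the directory index.
// NOTE(review): "logout" is echoed before header(); the redirect then depends
// on output buffering being active - confirm. The Location value is built from
// the client-supplied Host header; a configured base URL would be safer.
if (isset($_POST['logout'])) {
    echo "logout";
    rem_session_ts3($rspathhex);
    header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
    exit;
}

// Access gate: the session must carry the configured web interface user and
// password and the same client address as the current request.
// NOTE(review): these are loose (!=) comparisons; hash_equals() on string
// values would rule out type juggling - confirm the stored types first.
if (!isset($_SESSION[$rspathhex.'username']) || $_SESSION[$rspathhex.'username'] != $cfg['webinterface_user'] || $_SESSION[$rspathhex.'password'] != $cfg['webinterface_pass'] || $_SESSION[$rspathhex.'clientip'] != getclientip()) {
    header("Location: //".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']), '/\\'));
    exit;
}

require_once('nav.php');

// Issue a fresh CSRF token for the form rendered below and store it for this
// session. All statements in this block bind their values as parameters; only
// the schema name from the configuration is interpolated.
// NOTE(review): no expiry or single-use handling of tokens is visible in this
// file - confirm that old rows are purged elsewhere.
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
$csrf_insert = $mysqlcon->prepare("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES (?,?,?)");
if ($csrf_insert === false || $csrf_insert->execute([$csrf_token, time(), session_id()]) === false) {
    // A failed prepare reports on the connection, a failed execute on the statement.
    $err_msg = print_r($csrf_insert === false ? $mysqlcon->errorInfo() : $csrf_insert->errorInfo(), true);
    $err_lvl = 3;
}

// Load the tokens of this session, keyed by the first selected column
// (PDO::FETCH_UNIQUE). A failed query leaves the list empty, so a submitted
// update is refused instead of calling fetchAll() on a non-object.
$db_csrf = [];
$csrf_select = $mysqlcon->prepare("SELECT * FROM `$dbname`.`csrf_token` WHERE `sessionid`=?");
if ($csrf_select === false || $csrf_select->execute([session_id()]) === false) {
    $err_msg = print_r($csrf_select === false ? $mysqlcon->errorInfo() : $csrf_select->errorInfo(), true);
    $err_lvl = 3;
} else {
    $db_csrf = $csrf_select->fetchAll(PDO::FETCH_UNIQUE|PDO::FETCH_ASSOC);
    if ($db_csrf === false) {
        $err_msg = print_r($csrf_select->errorInfo(), true);
        $err_lvl = 3;
        $db_csrf = [];
    }
}

$assign_groups_active = 0;

// Only a string token can be an array key; a missing or non-string token is
// treated as a failed CSRF check.
$posted_token = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])) ? $_POST['csrf_token'] : null;

if (isset($_POST['update']) && $posted_token !== null && isset($db_csrf[$posted_token])) {
    // Missing or non-scalar fields are stored as an empty string.
    // NOTE(review): the digit/comma pattern and the 1-65534 range are enforced
    // only by the form in the browser; consider rejecting other values here
    // before they are stored.
    $assign_groups_limit = (isset($_POST['assign_groups_limit']) && is_scalar($_POST['assign_groups_limit'])) ? (string)$_POST['assign_groups_limit'] : '';
    $assign_groups_groupids = (isset($_POST['assign_groups_groupids']) && is_scalar($_POST['assign_groups_groupids'])) ? (string)$_POST['assign_groups_groupids'] : '';
    if (isset($_POST['assign_groups_active'])) $assign_groups_active = 1;

    // The posted values were previously concatenated into the SQL text; they
    // are now bound as parameters so they cannot change the statement.
    $update_stmt = $mysqlcon->prepare("UPDATE `$dbname`.`addons_config` SET `value` = CASE `param` WHEN 'assign_groups_active' THEN ? WHEN 'assign_groups_limit' THEN ? WHEN 'assign_groups_groupids' THEN ? END WHERE `param` IN ('assign_groups_active','assign_groups_groupids','assign_groups_limit')");
    if ($update_stmt === false || $update_stmt->execute([$assign_groups_active, $assign_groups_limit, $assign_groups_groupids]) === false) {
        $err_msg = print_r($update_stmt === false ? $mysqlcon->errorInfo() : $update_stmt->errorInfo(), true);
        $err_lvl = 3;
    } else {
        $err_msg = $lang['wisvsuc'];
        $err_lvl = NULL;
    }

    // Mirror the submitted values into the config array the form is rendered from.
    $addons_config['assign_groups_groupids']['value'] = $assign_groups_groupids;
    $addons_config['assign_groups_limit']['value'] = $assign_groups_limit;
    $addons_config['assign_groups_active']['value'] = $assign_groups_active;
} elseif(isset($_POST['update'])) {
    // Update without a token known for this session: report it, end the session, stop.
    echo '<div class="alert alert-danger alert-dismissible">',$lang['errcsrf'],'</div>';
    rem_session_ts3($rspathhex);
    exit;
}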
?>
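<?php
// Settings form of the "assign groups" add-on: an on/off switch, the list of
// group ids and a limit, posted back to this page together with the CSRF token.
// The group id list and the limit are values an administrator typed in, so
// they are HTML-escaped on output; previously a stored or just-posted value
// containing markup was written into the page unchanged. The $lang entries are
// printed as-is - presumably trusted translation strings; verify where $lang
// is loaded.
?>
<div id="page-wrapper">
<?PHP if(isset($err_msg)) error_handling($err_msg, $err_lvl); ?>
  <div class="container-fluid">
    <div class="row">
      <div class="col-lg-12">
        <h1 class="page-header">
          <?php echo $lang['stag0001']; ?>
        </h1>
      </div>
    </div>
    <form class="form-horizontal" data-toggle="validator" name="update" method="POST">
      <input type="hidden" name="csrf_token" value="<?PHP echo $csrf_token; ?>">
      <div class="form-horizontal">
        <div class="row">
          <div class="col-md-3">
          </div>
          <div class="col-md-6">
            <div class="panel panel-default">
              <div class="panel-body">
                <div class="form-group">
                  <label class="col-sm-4 control-label" data-toggle="modal" data-target="#stag0014"><?php echo $lang['stag0013']; ?><i class="help-hover fas fa-question-circle"></i></label>
                  <div class="col-sm-8">
                    <?PHP if ($addons_config['assign_groups_active']['value'] == '1') {
                      echo '<input class="switch-animate" type="checkbox" checked data-size="mini" name="assign_groups_active" value="',$assign_groups_active,'">';
                    } else {
                      echo '<input class="switch-animate" type="checkbox" data-size="mini" name="assign_groups_active" value="',$assign_groups_active,'">';
                    } ?>
                  </div>
                </div>
                <div class="row">&nbsp;</div>
                <div class="row">&nbsp;</div>
                <div class="form-group required-field-block">
                  <label class="col-sm-4 control-label" data-toggle="modal" data-target="#stag0003"><?php echo $lang['stag0002']; ?><i class="help-hover fas fa-question-circle"></i></label>
                  <div class="col-sm-8">
                    <textarea class="form-control" data-pattern="^([0-9]+,)*[0-9]+$" data-error="Wrong definition, please look at description for more details. No comma at ending!" rows="5" name="assign_groups_groupids" maxlength="5000" required><?php echo htmlspecialchars((string)$addons_config['assign_groups_groupids']['value'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea>
                    <div class="required-icon"><div class="text">*</div></div>
                    <div class="help-block with-errors"></div>
                  </div>
                </div>
                <div class="form-group">
                  <label class="col-sm-4 control-label" data-toggle="modal" data-target="#stag0005"><?php echo $lang['stag0004']; ?><i class="help-hover fas fa-question-circle"></i></label>
                  <div class="col-sm-8">
                    <input type="text" class="form-control" name="assign_groups_limit" value="<?php echo htmlspecialchars((string)$addons_config['assign_groups_limit']['value'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                    <script>
                    $("input[name='assign_groups_limit']").TouchSpin({
                      min: 1,
                      max: 65534,
                      verticalbuttons: true,
                      prefix: 'No.'
                    });
                    </script>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <div class="row">&nbsp;</div>
        <div class="row">
          <div class="text-center">
            <button type="submit" class="btn btn-primary" name="update"><?php echo $lang['wisvconf']; ?></button>
          </div>
        </div>
        <div class="row">&nbsp;</div>
      </div>
    </form>
  </div>
</div>
</div>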
<div class="modal fade" id="stag0003" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title"><?php /* Help dialog "stag0003", the data-target of the group id list label; title taken from $lang */ echo $lang['stag0002']; ?></h4>
</div>
<div class="modal-body">
<?php /* Help text printed without HTML escaping - presumably a trusted translation string that may carry markup; verify where $lang is loaded */ echo $lang['stag0003']; ?>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><?PHP /* Label of the dismiss button */ echo $lang['stnv0002']; ?></button>
</div>
</div>
</div>
</div>
<div class="modal fade" id="stag0005" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title"><?php /* Help dialog "stag0005", the data-target of the limit field label; title taken from $lang */ echo $lang['stag0004']; ?></h4>
</div>
<div class="modal-body">
<?php /* Help text printed without HTML escaping - presumably a trusted translation string that may carry markup; verify where $lang is loaded */ echo $lang['stag0005']; ?>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><?PHP /* Label of the dismiss button */ echo $lang['stnv0002']; ?></button>
</div>
</div>
</div>
</div>
<div class="modal fade" id="stag0014" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title"><?php /* Help dialog "stag0014", the data-target of the on/off switch label; title taken from $lang */ echo $lang['stag0013']; ?></h4>
</div>
<div class="modal-body">
<?php /* Help text printed without HTML escaping - presumably a trusted translation string that may carry markup; verify where $lang is loaded */ echo $lang['stag0014']; ?>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><?PHP /* Label of the dismiss button */ echo $lang['stnv0002']; ?></button>
</div>
</div>
</div>
</div>
<script>
// Browser-side validation for every form marked data-toggle="validator".
// This is a convenience for the person filling in the form: a request can be
// sent without it, so the server must not rely on these checks.
(function () {
    // Custom "pattern" rule: compile the expression found in the element's
    // data-pattern attribute and test the element's current value against it.
    function matchesDeclaredPattern($field) {
        var declared = new RegExp($field.data('pattern'));
        return declared.test($field.val());
    }

    $('form[data-toggle="validator"]').validator({
        custom: {
            pattern: matchesDeclaredPattern
        },
        delay: 100,
        errors: {
            pattern: "There should be an error in your value, please check all could be right!"
        }
    });
})();
</script>
</body>
</html>