IsleHorse/HISP
1
0
Fork 0
mirror of https://github.com/islehorse/HISP.git synced 2025-04-08 22:25:42 +12:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove /admin/

Browse source
This commit is contained in:
SilicaAndPina 2021-07-17 04:23:09 +12:00
parent 90d9d2a03c
commit 01568dcb85
5 changed files with 0 additions and 181 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
WebInterface/game-site/config.php
View file

@ -19,6 +19,4 @@ $EXHANGE_RATE = 100000; # How much 1 USD is worth as HI Money
# Ideally, this would be a random string of numbers, letters and symbols like 20 characters long T-T # Ideally, this would be a random string of numbers, letters and symbols like 20 characters long T-T
$hmac_secret = "!!NOTSET!!"; $hmac_secret = "!!NOTSET!!";
$master_site = "//server.islehorse.com"; $master_site = "//server.islehorse.com";
# Password for /web/admin
$admin_portal_password = "!!NOTSET!!";
?> ?>

100
WebInterface/game-site/web/admin/administrate.php
View file

@ -1,100 +0,0 @@
<?php
include("../config.php");
include("common.php");
session_start(['cookie_lifetime' => 86400]);
include("../header.php");
?>
<CENTER>
<FONT FACE=Verdana,arial SIZE=-1>
<?php
if($_SESSION["A_LOGGED_IN"] !== "YES")
{
header("Location: /web/admin"); # Fuck off.
exit();
}
if(isset($_POST["TYPE"]))
{
if($_POST["TYPE"] == "CHANGEPERMS")
{
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT id FROM Users WHERE username=?");
$stmt->bind_param("s", $_POST["USERNAME"]);
$stmt->execute();
$result = $stmt->get_result();
$user_id = intval($result->fetch_row()[0]);
if(isset($_POST["RESETPASS1"], $_POST["RESETPASS2"]))
{
$pass1 = $_POST["RESETPASS1"];
$pass2 = $_POST["RESETPASS2"];
if($pass1 == $pass2)
{
if($pass1 !== "" || $pass1 !== null)
{
$password_hash = hash_salt($pass1,$salt);
$stmt = $connect->prepare("UPDATE Users SET Password=? WHERE Id=?");
$stmt->bind_param("s",$password_hash, "i", $user_id);
$stmt->execute();
}
}
}
if(isset($_POST["ADMIN"]))
{
$stmt = $connect->prepare("UPDATE Users SET Admin=\"YES\" WHERE Id=?");
$stmt->bind_param("i", $user_id);
$stmt->execute();
}
else
{
$stmt = $connect->prepare("UPDATE Users SET Admin=\"NO\" WHERE Id=?");
$stmt->bind_param("i", $user_id);
$stmt->execute();
}
if(isset($_POST["MOD"]))
{
$stmt = $connect->prepare("UPDATE Users SET Moderator=\"YES\" WHERE Id=?");
$stmt->bind_param("i", $user_id);
$stmt->execute();
}
else
{
$stmt = $connect->prepare("UPDATE Users SET Moderator=\"NO\" WHERE Id=?");
$stmt->bind_param("i", $user_id);
$stmt->execute();
}
echo("<BR><B>Permissions updated successfully.</B></BR>");
echo("<A HREF=/web/admin/administrate.php>Go back</A>");
include("../footer.php");
exit();
}
}
?>
<BR><B>HISP - Admin Portal</B><BR>
<BR>Player Operations</BR>
<BR> <FORM METHOD=POST ACTION=/web/admin/administrate.php>
Username:
<INPUT TYPE=HIDDEN NAME=TYPE VALUE=CHANGEPERMS>
<INPUT TYPE=TEXT SIZE=30 NAME=USERNAME></INPUT><BR>
<INPUT TYPE=CHECKBOX NAME=ADMIN VALUE="ADMIN"> Administrator</INPUT>
<INPUT TYPE=CHECKBOX NAME=MOD VALUE="MOD"> Moderator</INPUT>
<BR>
<P>Reset Password</P>
<INPUT TYPE=TEXT NAME=RESETPASS1 VALUE="" PASSWORD></INPUT>
<P>Reset Password(confirm)</P>
<INPUT TYPE=TEXT NAME=RESETPASS2 VALUE="" PASSWORD></INPUT>
<!-- <INPUT TYPE=CHECKBOX NAME=DELETE VALUE="DELETE"> Delete Account</INPUT><BR> !-->
<INPUT TYPE=SUBMIT VALUE="Apply"</INPUT>
</FORM>
</BR>
<BR>
<A HREF=/web/admin>Logout from admin portal</A><BR>
</BR>
<?php include("../footer.php"); ?>

15
WebInterface/game-site/web/admin/common.php
View file

@ -1,15 +0,0 @@
<?php
function hash_salt(string $input, string $salt)
{
$output = hash('sha512',$input,true);
$len=strlen(bin2hex($output))/2;
$xor_hash = "";
for($i = 0; $i < $len; $i++)
{
$xor_hash .= $output[$i] ^ $salt[$i];
}
return hash('sha512',$xor_hash,false);
}
?>

24
WebInterface/game-site/web/admin/index.php
View file

@ -1,24 +0,0 @@
<?php
include("../../config.php");
session_start(['cookie_lifetime' => 86400]);
$_SESSION["A_LOGGED_IN"] = "NO";
include("../header.php");
?>
<CENTER>
<FONT FACE=Verdana,arial SIZE=-1>
<BR><B>HISP - Super Admin Login</B><BR>
<BR> This page requires a password, please enter it below:</BR>
<BR> <FORM METHOD=POST ACTION=/web/admin/login.php>
<INPUT TYPE=PASSWORD SIZE=30 NAME=PASS></INPUT>
<INPUT TYPE=SUBMIT VALUE=LOGIN>
</FORM>
</BR>
<BR><B>No idea? check config.php of game-site/</B></BR>
<?php
include("../footer.php");
?>

40
WebInterface/game-site/web/admin/login.php
View file

@ -1,40 +0,0 @@
<?php
include("../config.php");
session_start(['cookie_lifetime' => 86400]);
include("../header.php");
?>
<CENTER>
<FONT FACE=Verdana,arial SIZE=-1>
<BR><B>HISP - Super Admin Login</B><BR>
<?php
if(isset($_POST["PASS"]))
{
sleep(3); // Stop bruteforce
if($_POST["PASS"] == $admin_portal_password)
{
if($admin_portal_password == "!!NOTSET!!")
{
echo("Refusing to login as password is default password.");
exit;
}
$_SESSION["A_LOGGED_IN"] = "YES";
header("Location: /web/admin/administrate.php");
}
else
{
echo("<BR> The password you entered was NOT correct. </BR>");
echo("<A HREF=\"/web/admin\">Try Again...</A>");
}
}
else
{
echo("<BR> You didnt enter a password. </BR>");
echo("<A HREF=\"/web/admin\">Try Again...</A>");
}
?>
<?php include("../footer.php"); ?>