mirror of
https://github.com/islehorse/HISP.git
synced 2025-06-03 20:37:07 +12:00
More web stuff
This commit is contained in:
SilicaAndPina
parent
c12399dc0e
commit
b2ce6be543
12 changed files with 323 additions and 118 deletions
|
|
@ -11,7 +11,7 @@ $dbhost = '127.0.0.1';
|
|||
# Should be set to the same value on all game sites and the master site.
|
||||
# NOTE: if someone knows this secret they can create accounts with ADMIN privledges!
|
||||
$hmac_secret = "!!NOTSET!!";
|
||||
|
||||
$master_site = "http://server.islehorse.com";
|
||||
# Password for /web/admin
|
||||
$admin_portal_password = "!!NOTSET!!";
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -1,40 +0,0 @@
|
|||
<?php
|
||||
include('config.php');
|
||||
|
||||
if($hmac_secret === "!!NOTSET!!") # Defaults bad.
|
||||
{
|
||||
header("HTTP/1.1 403 Forbidden");
|
||||
echo("Please set HMAC_SECRET in CONFIG.PHP! for security reasons joining the server is refused.<br>Change it from the default and then try again!");
|
||||
exit();
|
||||
}
|
||||
|
||||
if(isset($_POST["ID"], $_POST["USERNAME"], $_POST["USERNAME"], $_POST["PASSHASH"], $_POST["PASSSALT"], $_POST["SEX"], $_POST["MODERATOR"], $_POST["ADMIN"], $_POST["CODE"]))
|
||||
{
|
||||
$id = $_POST["ID"];
|
||||
$username = $_POST["USERNAME"];
|
||||
$passhash = $_POST["PASSHASH"];
|
||||
$passsalt = $_POST["PASSSALT"];
|
||||
$sex = $_POST["SEX"];
|
||||
$moderator = $_POST["MODERATOR"];
|
||||
$admin = $_POST["ADMIN"];
|
||||
$code = $_POST["CODE"];
|
||||
|
||||
#Verify Input
|
||||
$hmac = hash_hmac('sha256', (string)$id.$username.$passhash.$passsalt.$sex.$moderator.$admin, $hmac_secret."HOIL4321"));
|
||||
|
||||
if (hash_equals($code, $hmac))
|
||||
{
|
||||
# Create Account.
|
||||
$stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)");
|
||||
$stmt->bind_param("issssss", $id, $username, $passhash, $passsalt, $sex, $admin, $moderator);
|
||||
$stmt->execute();
|
||||
echo("OK");
|
||||
}
|
||||
else
|
||||
{
|
||||
header("HTTP/1.1 403 Forbidden");
|
||||
echo("Invalid HMAC! Please ensure that all game-site's have the same HMAC as the master-site!
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
@ -9,9 +9,9 @@ include("../header.php");
|
|||
<CENTER>
|
||||
<FONT FACE=Verdana,arial SIZE=-1>
|
||||
<?php
|
||||
if($_SESSION["logged_in"] == false)
|
||||
if($_SESSION["A_LOGGED_IN"] !== "YES")
|
||||
{
|
||||
header("Location: /admin"); # Fuck off.
|
||||
header("Location: /web/admin"); # Fuck off.
|
||||
exit();
|
||||
}
|
||||
|
||||
|
|
@ -69,7 +69,7 @@ include("../header.php");
|
|||
$stmt->execute();
|
||||
}
|
||||
echo("<BR><B>Permissions updated successfully.</B></BR>");
|
||||
echo("<A HREF=administrate.php>Go back</A>");
|
||||
echo("<A HREF=/web/admin/administrate.php>Go back</A>");
|
||||
include("../footer.php");
|
||||
exit();
|
||||
}
|
||||
|
|
@ -77,7 +77,7 @@ include("../header.php");
|
|||
?>
|
||||
<BR><B>HISP - Admin Portal</B><BR>
|
||||
<BR>Player Operations</BR>
|
||||
<BR> <FORM METHOD=POST ACTION=/admin/administrate.php>
|
||||
<BR> <FORM METHOD=POST ACTION=/web/admin/administrate.php>
|
||||
Username:
|
||||
<INPUT TYPE=HIDDEN NAME=TYPE VALUE=CHANGEPERMS>
|
||||
<INPUT TYPE=TEXT SIZE=30 NAME=USERNAME></INPUT><BR>
|
||||
|
|
@ -93,7 +93,7 @@ include("../header.php");
|
|||
</FORM>
|
||||
</BR>
|
||||
<BR>
|
||||
<A HREF=/ADMIN>Logout from admin portal</A><BR>
|
||||
<A HREF=/web/admin>Logout from admin portal</A><BR>
|
||||
</BR>
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
include("../../config.php");
|
||||
|
||||
session_start(['cookie_lifetime' => 86400]);
|
||||
$_SESSION["logged_in"] = false;
|
||||
$_SESSION["A_LOGGED_IN"] = "NO";
|
||||
include("../header.php");
|
||||
?>
|
||||
|
||||
|
|
@ -11,7 +11,7 @@ include("../header.php");
|
|||
<FONT FACE=Verdana,arial SIZE=-1>
|
||||
<BR><B>HISP - Super Admin Login</B><BR>
|
||||
<BR> This page requires a password, please enter it below:</BR>
|
||||
<BR> <FORM METHOD=POST ACTION=/admin/login.php>
|
||||
<BR> <FORM METHOD=POST ACTION=/web/admin/login.php>
|
||||
<INPUT TYPE=PASSWORD SIZE=30 NAME=PASS></INPUT>
|
||||
<INPUT TYPE=SUBMIT VALUE=LOGIN>
|
||||
</FORM>
|
||||
|
|
|
|||
|
|
@ -20,19 +20,19 @@ include("../header.php");
|
|||
exit;
|
||||
}
|
||||
|
||||
$_SESSION["logged_in"] = true;
|
||||
header("Location: administrate.php");
|
||||
$_SESSION["A_LOGGED_IN"] = "YES";
|
||||
header("Location: /web/admin/administrate.php");
|
||||
}
|
||||
else
|
||||
{
|
||||
echo("<BR> The password you entered was NOT correct. </BR>");
|
||||
echo("<A HREF=\"/admin\">Try Again...</A>");
|
||||
echo("<A HREF=\"/web/admin\">Try Again...</A>");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
echo("<BR> You didnt enter a password. </BR>");
|
||||
echo("<A HREF=\"/admin\">Try Again...</A>");
|
||||
echo("<A HREF=\"/web/admin\">Try Again...</A>");
|
||||
}
|
||||
?>
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue