Rewrite alot of how game & master site are handled (note in current state its impossible to make an account.)

2025-04-20 19:59:15 +12:00 · 2021-05-19 00:43:27 +12:00 · 2021-05-19 00:43:27 +12:00 · c12399dc0e
commit c12399dc0e
parent 1ad0783f8f
23 changed files with 548 additions and 888 deletions
--- a/WebInterface/game-site/web/admin/administrate.php
+++ b/WebInterface/game-site/web/admin/administrate.php
@ -0,0 +1,100 @@
+<?php
+include("../config.php");
+include("common.php");
+
+session_start(['cookie_lifetime' => 86400]);
+include("../header.php");
+?>
+
+<CENTER>
+<FONT FACE=Verdana,arial SIZE=-1>
+<?php
+	if($_SESSION["logged_in"] == false) 
+	{
+		header("Location: /admin"); # Fuck off.
+		exit();
+	}
+	
+	if(isset($_POST["TYPE"]))
+	{
+		if($_POST["TYPE"] == "CHANGEPERMS")
+		{
+			$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+			$stmt = $connect->prepare("SELECT id FROM Users WHERE username=?");
+			$stmt->bind_param("s", $_POST["USERNAME"]);
+			$stmt->execute();
+			$result = $stmt->get_result();
+			$user_id = intval($result->fetch_row()[0]);
+			
+			if(isset($_POST["RESETPASS1"], $_POST["RESETPASS2"]))
+			{
+				$pass1 = $_POST["RESETPASS1"];
+				$pass2 = $_POST["RESETPASS2"];
+				
+				if($pass1 == $pass2)
+				{
+					if($pass1 !== "" || $pass1 !== null)
+					{
+						$password_hash = hash_salt($pass1,$salt);
+						$stmt = $connect->prepare("UPDATE Users SET Password=? WHERE Id=?");
+						$stmt->bind_param("s",$password_hash, "i", $user_id);
+						$stmt->execute();
+
+					}
+				}
+			}
+			
+			if(isset($_POST["ADMIN"]))
+			{
+				$stmt = $connect->prepare("UPDATE Users SET Admin=\"YES\" WHERE Id=?");
+				$stmt->bind_param("i", $user_id);
+				$stmt->execute();
+			}
+			else
+			{
+				$stmt = $connect->prepare("UPDATE Users SET Admin=\"NO\" WHERE Id=?");
+				$stmt->bind_param("i", $user_id);
+				$stmt->execute();
+			}
+			if(isset($_POST["MOD"]))
+			{
+				$stmt = $connect->prepare("UPDATE Users SET Moderator=\"YES\" WHERE Id=?");
+				$stmt->bind_param("i", $user_id);
+				$stmt->execute();
+			}
+			else
+			{
+				$stmt = $connect->prepare("UPDATE Users SET Moderator=\"NO\" WHERE Id=?");
+				$stmt->bind_param("i", $user_id);
+				$stmt->execute();
+			}
+			echo("<BR><B>Permissions updated successfully.</B></BR>");
+			echo("<A HREF=administrate.php>Go back</A>");
+			include("../footer.php");
+			exit();
+		}
+	}
+?>
+<BR><B>HISP - Admin Portal</B><BR>
+<BR>Player Operations</BR>
+<BR> <FORM METHOD=POST ACTION=/admin/administrate.php>
+	Username:
+	<INPUT TYPE=HIDDEN NAME=TYPE VALUE=CHANGEPERMS>
+	<INPUT TYPE=TEXT SIZE=30 NAME=USERNAME></INPUT><BR>
+	<INPUT TYPE=CHECKBOX NAME=ADMIN VALUE="ADMIN"> Administrator</INPUT>
+	<INPUT TYPE=CHECKBOX NAME=MOD VALUE="MOD"> Moderator</INPUT>
+	<BR>
+	<P>Reset Password</P>
+	<INPUT TYPE=TEXT NAME=RESETPASS1 VALUE="" PASSWORD></INPUT>
+	<P>Reset Password(confirm)</P>
+	<INPUT TYPE=TEXT NAME=RESETPASS2 VALUE="" PASSWORD></INPUT>
+	<!-- <INPUT TYPE=CHECKBOX NAME=DELETE VALUE="DELETE"> Delete Account</INPUT><BR> !-->
+	<INPUT TYPE=SUBMIT VALUE="Apply"</INPUT>
+	</FORM>
+</BR>
+<BR>
+		<A HREF=/ADMIN>Logout from admin portal</A><BR>
+</BR>
+
+
+<?php include("../footer.php"); ?>
--- a/WebInterface/game-site/web/admin/common.php
+++ b/WebInterface/game-site/web/admin/common.php
@ -0,0 +1,15 @@
+<?php
+
+function hash_salt(string $input, string $salt)
+{
+	$output = hash('sha512',$input,true);
+	$len=strlen(bin2hex($output))/2;
+	$xor_hash = "";
+	for($i = 0; $i < $len; $i++)
+	{
+		$xor_hash .= $output[$i] ^ $salt[$i];
+	}
+	
+	return hash('sha512',$xor_hash,false);
+}
+?>
--- a/WebInterface/game-site/web/admin/index.php
+++ b/WebInterface/game-site/web/admin/index.php
@ -0,0 +1,24 @@
+<?php
+include("../../config.php");
+
+session_start(['cookie_lifetime' => 86400]);
+$_SESSION["logged_in"] = false;
+include("../header.php");
+?>
+
+
+<CENTER>
+<FONT FACE=Verdana,arial SIZE=-1>
+<BR><B>HISP - Super Admin Login</B><BR>
+<BR> This page requires a password, please enter it below:</BR>
+<BR> <FORM METHOD=POST ACTION=/admin/login.php>
+	<INPUT TYPE=PASSWORD SIZE=30 NAME=PASS></INPUT>
+	<INPUT TYPE=SUBMIT VALUE=LOGIN>
+	</FORM>
+</BR>
+<BR><B>No idea? check config.php of game-site/</B></BR>
+
+
+<?php
+include("../footer.php");
+?>
--- a/WebInterface/game-site/web/admin/login.php
+++ b/WebInterface/game-site/web/admin/login.php
@ -0,0 +1,40 @@
+<?php
+include("../config.php");
+
+session_start(['cookie_lifetime' => 86400]);
+include("../header.php");
+?>
+
+<CENTER>
+<FONT FACE=Verdana,arial SIZE=-1>
+<BR><B>HISP - Super Admin Login</B><BR>
+<?php
+	if(isset($_POST["PASS"]))
+	{
+		sleep(3); // Stop bruteforce
+		if($_POST["PASS"] == $admin_portal_password)
+		{
+			if($admin_portal_password == "!!NOTSET!!")
+			{
+				echo("Refusing to login as password is default password.");
+				exit;
+			}
+
+			$_SESSION["logged_in"] = true;
+			header("Location: administrate.php");
+		}
+		else
+		{
+			echo("<BR> The password you entered was NOT correct. </BR>");
+			echo("<A HREF=\"/admin\">Try Again...</A>");
+		}
+	}
+	else
+	{
+		echo("<BR> You didnt enter a password. </BR>");
+		echo("<A HREF=\"/admin\">Try Again...</A>");
+	}
+?>
+
+
+<?php include("../footer.php"); ?>