Trang chủ Khám phá Trợ giúp
Đăng nhập
yosoyhendrix
/
OGP-Website
mirror of https://github.com/OpenGamePanel/OGP-Website
1
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Tree: 8825bfb6a0
Branches Tags
OGP-Website
/
index.php

index.php 12 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380 
  1. <?php
    2. 

  2. /*
    3. 

  3.  *
    4. 

  4.  * OGP - Open Game Panel
    5. 

  5.  * Copyright (C) 2008 - 2017 The OGP Development Team
    6. 

  6.  *
    7. 

  7.  * http://www.opengamepanel.org/
    8. 

  8.  *
    9. 

  9.  * This program is free software; you can redistribute it and/or
    10. 

  10.  * modify it under the terms of the GNU General Public License
    11. 

  11.  * as published by the Free Software Foundation; either version 2
    12. 

  12.  * of the License, or any later version.
    13. 

  13.  *
    14. 

  14.  * This program is distributed in the hope that it will be useful,
    15. 

  15.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    16. 

  16.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    17. 

  17.  * GNU General Public License for more details.
    18. 

  18.  *
    19. 

  19.  * You should have received a copy of the GNU General Public License
    20. 

  20.  * along with this program; if not, write to the Free Software
    21. 

  21.  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
    22. 

  22.  *
    23. 

  23.  */
    24. 

  24.  
    25. 

  25. // Report all PHP errors
    26. 

  26. error_reporting(E_ERROR);
    27. 

  27. 

  28. // Path definitions
    29. 

  29. define("IMAGES", "images/");
    30. 

  30. define("INCLUDES", "includes/");
    31. 

  31. define("MODULES", "modules/");
    32. 

  32. 

  33. define("CONFIG_FILE","includes/config.inc.php");
    34. 

  34. 

  35. require_once("includes/functions.php");
    36. 

  36. require_once("includes/helpers.php");
    37. 

  37. require_once("includes/html_functions.php");
    38. 

  38. 

  39. // Start the session valid for opengamepanel_web only
    40. 

  40. startSession();
    41. 

  41. 

  42. // Useful for debugging :)
    43. 

  43. // echo "<p>Session ID is " . session_id() . "</p>";
    44. 

  44. // echo "<p>Lifetime is: " . $cookie_lifetime . "<br />Dir is " . rtrim(dirname($_SERVER["SCRIPT_NAME"]),"/") . "/" . "<br /> Session cookie domain path is " . $session_cookie_domain_path . "<br />SSL is " . $ssl . "</p>";
    45. 

  45. 

  46. //Config Check
    47. 

  47. $config_inc_readable = is_readable(CONFIG_FILE);
    48. 

  48. if ( !$config_inc_readable && file_exists("install.php") ) {
    49. 

  49. 	header('Location: install.php');
    50. 

  50. 	exit();
    51. 

  51. }
    52. 

  52. if ( '' == file_get_contents(CONFIG_FILE) ) { 
    53. 

  53. 	header('Location: install.php');
    54. 

  54. 	exit();
    55. 

  55. }
    56. 

  56. 

  57. require_once CONFIG_FILE;
    58. 

  58. // Connect to the database server and select database.
    59. 

  59. $db = createDatabaseConnection($db_type, $db_host, $db_user, $db_pass, $db_name, $table_prefix);
    60. 

  60. 

  61. // Load languages.
    62. 

  62. include_once("includes/lang.php");
    63. 

  63. 

  64. if (!$db instanceof OGPDatabase) {
    65. 

  65. 	ogpLang();
    66. 

  66. 	die(get_lang('no_db_connection'));
    67. 

  67. }
    68. 

  68. 

  69. // Logged in user settings - access this global variable where needed
    70. 

  70. if(hasValue($_SESSION['user_id'])){
    71. 

  71. 	$loggedInUserInfo = $db->getUserById($_SESSION['user_id']);
    72. 

  72. }
    73. 

  73. 

  74. $settings = $db->getSettings();
    75. 

  75. @$GLOBALS['panel_language'] = $settings['panel_language'];
    76. 

  76. ogpLang();
    77. 

  77. 

  78. require_once("includes/view.php");
    79. 

  79. $view = new OGPView();
    80. 

  80. $view->setCharset( lang_charset );
    81. 

  81. if(isset($_GET['type']) && $_GET['type'] == 'cleared')
    82. 

  82. {
    83. 

  83. 	heading(true);
    84. 

  84. 	$view->printView(true);
    85. 

  85. }
    86. 

  86. else
    87. 

  87. {
    88. 

  88. 	ogpHome();
    89. 

  89. 	$view->printView();
    90. 

  90. }
    91. 

  91. 

  92. function heading()
    93. 

  93. {
    94. 

  94. 

  95. 	global $db,$view,$settings;
    96. 

  96. 	
    97. 

  97. 	$view->setCharset( lang_charset );
    98. 

  98. 	$view->setTimeZone($settings['time_zone']);
    99. 

  99. 	
    100. 

  100. 	if ( !file_exists(CONFIG_FILE) )
    101. 

  101.     {
    102. 

  102.         print_failure( get_lang("failed_to_read_config") );
    103. 

  103.         $view->refresh("index.php");
    104. 

  104.         return;
    105. 

  105.     }
    106. 

  106.     // Start Output Buffering
    107. 

  107.     	
    108. 

  108. 	if( isset($settings['maintenance_mode']) && $settings['maintenance_mode'] == "1" )
    109. 

  109. 	{
    110. 

  110. 		if ($_SESSION['users_group'] != "admin" )
    111. 

  111. 		{
    112. 

  112. 			echo "<h2>".$settings['maintenance_title']."</h2>";
    113. 

  113. 			echo "<p>".$settings['maintenance_message']."</p>";
    114. 

  114. 			$view->setTitle("OGP: Maintenance.");
    115. 

  115. 			echo "<p class='failure'>". logging_out_10 ."...</p>";
    116. 

  116. 			$view->refresh("index.php", 10);
    117. 

  117. 			session_destroy();
    118. 

  118. 			return;
    119. 

  119. 		}
    120. 

  120. 	}
    121. 

  121. 	include "includes/navig.php";
    122. 

  122. 	if(isset($maintenance))echo $maintenance;
    123. 

  123. }
    124. 

  124. 

  125. function ogpHome()
    126. 

  126. {
    127. 

  127.     global $db,$view,$settings;
    128. 

  128. 	
    129. 

  129. 	if( isset($_GET['lang']) AND $_GET['lang'] != "-")
    130. 

  130. 		$lang = $_GET['lang'];
    131. 

  131. 	elseif( isset($settings['panel_language']) )
    132. 

  132. 		$lang = $settings['panel_language'];
    133. 

  133. 	else
    134. 

  134. 		$lang = "English";
    135. 

  135. 	
    136. 

  136. 	$locale_files = makefilelist("lang/", ".|..|.svn", true, "folders");
    137. 

  137. 	$lang_sel = "<select name='lang' onchange=\"this.form.submit();\" >\n".
    138. 

  138. 				"<option>-</option>\n";
    139. 

  139. 	for ($i=0;$i < count($locale_files);$i++) 
    140. 

  140. 	{
    141. 

  141. 		$selected = ( isset( $_GET['lang'] ) AND $_GET['lang'] != "-" AND $_GET['lang'] == $locale_files[$i] ) ? "selected='selected'" : "";
    142. 

  142. 		$lang_sel .= "<option $selected value='".$locale_files[$i]."' >".$locale_files[$i]."</option>\n";
    143. 

  143. 	}
    144. 

  144. 	$lang_sel .= "</select>\n";
    145. 

  145. 	$lang_switch = ( isset( $_GET['lang'] ) AND $_GET['lang'] != "-" ) ? "&amp;lang=" . $_GET['lang'] : "";
    146. 

  146. 	?>
    147. 

  147. 	%top%
    148. 

  148. 	<div class="menu-bg">
    149. 

  149. 		<div class="menu">
    150. 

  150. 		<ul>
    151. 

  151. 		<li><a href="index.php<?php echo preg_replace( "/\&amp;/", "?", $lang_switch ); ?>" <?php if (!isset($_GET['m'])) echo 'class="admin_menu_link_selected"'; else echo 'class="admin_menu_link"'; ?> target="_self" ><span class="controlpanellogin"><?php echo get_lang("login_title"); ?></span></a></li>
    152. 

  152. <?php
    153. 

  153. 	$menus = $db->getMenusForGroup('guest');
    154. 

  154. 	if(!empty($menus))
    155. 

  155. 	{
    156. 

  156. 		foreach ( $menus as $menu )
    157. 

  157. 		{
    158. 

  158. 			$module = $menu['module'];
    159. 

  159. 			if ( !empty( $menu['subpage'] ) )
    160. 

  160. 			{
    161. 

  161. 				$subpage = "&amp;p=".$menu['subpage'];
    162. 

  162. 				$button = $menu['subpage'];
    163. 

  163. 				if (isset($_GET['p']) AND $_GET['p'] == $menu['subpage'] ) $menu_link_class = 'user_menu_link_selected'; else $menu_link_class = 'user_menu_link';
    164. 

  164. 			}
    165. 

  165. 			else
    166. 

  166. 			{
    167. 

  167. 				$subpage = "";
    168. 

  168. 				$button = $menu['module'];
    169. 

  169. 				if (isset($_GET['m']) AND $_GET['m'] == $menu['module'] ) $menu_link_class = 'user_menu_link_selected'; else $menu_link_class = 'user_menu_link';
    170. 

  170. 			}
    171. 

  171. 						
    172. 

  172. 			$button_url = "?m=".$module.$subpage.$lang_switch;
    173. 

  173. 			
    174. 

  174. 			if ( preg_match( '/\\_?\\_/', get_lang("$button") ) )
    175. 

  175. 			{
    176. 

  176. 				$button_name = $menu['menu_name'];
    177. 

  177. 			}
    178. 

  178. 			else
    179. 

  179. 			{
    180. 

  180. 				$button_name = get_lang("$button");
    181. 

  181. 			}
    182. 

  182. 			
    183. 

  183. 			echo "<li><a class='".$menu_link_class."' href='".$button_url."'><span class='$button'>$button_name</span></a>
    184. 

  184. 				  </li>\n";
    185. 

  185. 		}
    186. 

  186. 	}
    187. 

  187. ?>
    188. 

  188. 		</ul>
    189. 

  189. 		</div>
    190. 

  190. 	</div>
    191. 

  191. 	%topbody%
    192. 

  192. 	<?php 
    193. 

  193. 	if (isset($_GET['m']))
    194. 

  194. 	{
    195. 

  195. 		heading();
    196. 

  196. 		//tagged for future use...
    197. 

  197. 		/*
    198. 

  198. 			$postdata = "";
    199. 

  199. 			foreach($_POST as $key =>$value)
    200. 

  200. 				$postdata .= ",'$key': '$value'";
    201. 

  201. 			$postdata = substr($postdata,1);
    202. 

  202. 			$postdata = "{".$postdata."}";
    203. 

  203. 		*/
    204. 

  204. 	}
    205. 

  205. 	else
    206. 

  206. 	{
    207. 

  207. 		$default_page = $db->isModuleInstalled('dashboard') ? "m=dashboard&amp;p=dashboard" : "m=gamemanager&p=game_monitor";
    208. 

  208. 		if ( isset($_SESSION['users_login']) )
    209. 

  209. 		{
    210. 

  210. 			$userInfo = $db->getUser($_SESSION['users_login']);
    211. 

  211. 			if( isset($_SESSION['users_passwd']) AND !empty($_SESSION['users_passwd']) AND $_SESSION['users_passwd'] == $userInfo['users_passwd'])
    212. 

  212. 			{
    213. 

  213. 				print_success( get_lang("already_logged_in_redirecting_to_dashboard") .".");
    214. 

  214. 				$view->refresh("home.php?$default_page",2);
    215. 

  215. 				echo "%botbody%
    216. 

  216. 					  %bottom%";
    217. 

  217. 				return;
    218. 

  218. 			}
    219. 

  219. 		}
    220. 

  220. 		
    221. 

  221. 		if ( isset($_POST['login']) )
    222. 

  222. 		{
    223. 

  223. 			$client_ip = getClientIPAddress();
    224. 

  224. 			
    225. 

  225. 			$ban_list = $db->resultQuery("SHOW TABLES LIKE 'OGP_DB_PREFIXban_list';");
    226. 

  226. 			if ( empty( $ban_list ) )
    227. 

  227. 			{
    228. 

  228. 				$db->query("CREATE TABLE IF NOT EXISTS `OGP_DB_PREFIXban_list` (
    229. 

  229. 							`client_ip` varchar(255) NOT NULL,
    230. 

  230. 							`logging_attempts` int(11) NOT NULL DEFAULT '0',
    231. 

  231. 							`banned_until` varchar(16) NOT NULL DEFAULT '0',
    232. 

  232. 							 PRIMARY KEY (`client_ip`)
    233. 

  233. 							) ENGINE=MyISAM DEFAULT CHARSET=latin1;");
    234. 

  234. 			}
    235. 

  235. 			
    236. 

  236. 			$banlist_info = $db->resultQuery("SELECT logging_attempts, banned_until FROM `OGP_DB_PREFIXban_list` WHERE client_ip='".$client_ip."';");
    237. 

  237. 			$login_attempts = !$banlist_info ? 0 : $banlist_info['0']['logging_attempts'];
    238. 

  238. 			
    239. 

  239. 			if( !$banlist_info )
    240. 

  240. 				$db->query("INSERT INTO `OGP_DB_PREFIXban_list` (`client_ip`) VALUES('$client_ip');");
    241. 

  241. 

  242. 			if( $banlist_info AND $banlist_info['0']['banned_until'] > 0 AND $banlist_info['0']['banned_until'] <= time() )
    243. 

  243. 			{
    244. 

  244. 				$db->query("UPDATE `OGP_DB_PREFIXban_list` SET logging_attempts='0', banned_until='0' WHERE client_ip='$client_ip';");
    245. 

  245. 				$login_attempts = 0;
    246. 

  246. 			}
    247. 

  247. 			
    248. 

  248. 			if( $login_attempts == $settings["login_attempts_before_banned"] )
    249. 

  249. 			{
    250. 

  250. 				print_failure("Banned until " . date("r",$banlist_info['0']['banned_until']));
    251. 

  251. 				echo "%botbody%
    252. 

  252. 					  %bottom%";
    253. 

  253. 				return;
    254. 

  254. 			}
    255. 

  255. 						
    256. 

  256. 			$userInfo = $db->getUser($_POST['ulogin']);
    257. 

  257. 			
    258. 

  258. 			// If result matched $myusername and $mypassword, table row must be 1 row
    259. 

  259. 			if( isset($userInfo['users_passwd']) && md5($_POST['upassword']) == $userInfo['users_passwd'])
    260. 

  260. 			{
    261. 

  261. 				// Handle recaptcha if enabled
    262. 

  262. 				// But admins don't have to do this :)
    263. 

  263. 				if($settings['recaptcha_use_login'] == "1" && !empty($settings['recaptcha_site_key']) && !empty($settings['recaptcha_secret_key']) && $userInfo['users_role'] != "admin"){
    264. 

  264. 					$gRecaptchaResponse = sanitizeInputStr($_REQUEST['g-recaptcha-response']);
    265. 

  265. 					
    266. 

  266. 					$sitekey = $settings['recaptcha_site_key'];
    267. 

  267. 					$secretkey = $settings['recaptcha_secret_key'];
    268. 

  268. 		
    269. 

  269. 					require_once('includes/classes/recaptcha/autoload.php');
    270. 

  270. 					$recaptcha = new \ReCaptcha\ReCaptcha($secretkey);
    271. 

  271. 					$resp = $recaptcha->verify($gRecaptchaResponse, $client_ip);
    272. 

  272. 

  273. 					if (empty($gRecaptchaResponse) || !$resp->isSuccess()){
    274. 

  274. 						print_failure("Recaptcha failed. Try again!");
    275. 

  275. 						$view->refresh("index.php",5);
    276. 

  276. 						return; 
    277. 

  277. 					}
    278. 

  278. 				}
    279. 

  279. 				
    280. 

  280. 				$_SESSION['user_id'] = $userInfo['user_id'];
    281. 

  281. 				$_SESSION['users_login'] = $userInfo['users_login'];
    282. 

  282. 				$_SESSION['users_passwd'] = $userInfo['users_passwd'];
    283. 

  283. 				$_SESSION['users_group'] = $userInfo['users_role'];
    284. 

  284. 				$_SESSION['users_lang'] = isset( $_GET['lang'] ) ? $_GET['lang'] : $userInfo['users_lang'];
    285. 

  285. 				$_SESSION['users_theme'] = $userInfo['users_theme'];
    286. 

  286. 				print_success( get_lang("logging_in") ."...");
    287. 

  287. 				$db->logger( get_lang("logging_in") ."...");
    288. 

  288. 				$db->query("UPDATE `OGP_DB_PREFIXban_list` SET logging_attempts='0', banned_until='0' WHERE client_ip = '$client_ip';");
    289. 

  289. 				$view->refresh("home.php?$default_page",2);
    290. 

  290. 			}
    291. 

  291. 			else
    292. 

  292. 			{
    293. 

  293. 				print_failure( get_lang("bad_login") );
    294. 

  294. 				$login_attempts++;
    295. 

  295. 				if( $login_attempts == $settings["login_attempts_before_banned"] )
    296. 

  296. 				{
    297. 

  297. 					$banned_until = time() + 300; // Five minutes banned from the panel.
    298. 

  298. 					$banlist_info['0']['banned_until'] = $banned_until;
    299. 

  299. 					$db->logger( get_lang("bad_login") . " ( Banned until " . date("r", $banned_until) . " ) [ " . login . ": $_POST[ulogin], " . password . ": $_POST[upassword] ]" );
    300. 

  300. 					$db->query("UPDATE `OGP_DB_PREFIXban_list` SET logging_attempts='$login_attempts', banned_until='$banned_until' WHERE client_ip='$client_ip';");
    301. 

  301. 					print_failure("Banned until " . date("r",$banlist_info['0']['banned_until']));
    302. 

  302. 				}
    303. 

  303. 				else
    304. 

  304. 				{
    305. 

  305. 					$db->logger( get_lang("bad_login") . " ( $login_attempts ) [ " . login . ": $_POST[ulogin], " . password . ": $_POST[upassword] ]" );
    306. 

  306. 					$db->query("UPDATE `OGP_DB_PREFIXban_list` SET logging_attempts='$login_attempts' WHERE client_ip='$client_ip';");
    307. 

  307. 					$view->refresh("index.php",2);
    308. 

  308. 				}
    309. 

  309. 			}
    310. 

  310. 			echo "%botbody%
    311. 

  311. 				  %bottom%";
    312. 

  312. 			return;
    313. 

  313. 		}
    314. 

  314. 	?>
    315. 

  315. 	<!-- Made for Revolution Theme v2 -->
    316. 

  316. 	<style type="text/css">
    317. 

  317. 	div.main-content {
    318. 

  318. 		background:transparent;
    319. 

  319. 		border:none;
    320. 

  320. 		padding:0;
    321. 

  321. 		border-radius:0px;
    322. 

  322. 		-moz-border-radius:0px;
    323. 

  323. 	}
    324. 

  324. 	</style>
    325. 

  325. 	<table style='width:200px' align='center'>
    326. 

  326. 	  <tr style='background-color:transparent;' >
    327. 

  327. 		<td style='background-color:transparent;' >
    328. 

  328. 		<div class='bloc' >
    329. 

  329. 		<h4><?php print_lang('login_title'); ?></h4>
    330. 

  330. 		<br>
    331. 

  331. 		<form action="index.php<?php echo preg_replace( "/\&amp;/", "?", $lang_switch ); ?>" name="login_form" method="post">
    332. 

  332. 		<table>
    333. 

  333. 			<tr>
    334. 

  334. 				<td><?php print_lang('lang'); ?>:</td>
    335. 

  335. 				<td><?php echo $lang_sel; ?></td>
    336. 

  336. 			</tr>
    337. 

  337. 			<tr>
    338. 

  338. 				<td><?php print_lang('login'); ?>:</td>
    339. 

  339. 				<td><input type="text" name="ulogin" id="ulogin" value="" size="20" /></td>
    340. 

  340. 			</tr>
    341. 

  341. 			<tr>
    342. 

  342. 				<td><?php print_lang('password'); ?>:</td>
    343. 

  343. 				<td><input type="password" name="upassword" value="" size="20" /></td>
    344. 

  344. 			</tr>
    345. 

  345. 			<?php 
    346. 

  346. 				if($settings['recaptcha_use_login'] == "1" && !empty($settings['recaptcha_site_key']) && !empty($settings['recaptcha_secret_key'])){
    347. 

  347. 			?>
    348. 

  348. 			<tr>
    349. 

  349. 				<td><?php print_lang('solve_captcha'); ?>:</td>
    350. 

  350. 				<td>
    351. 

  351. 					<script src="https://www.google.com/recaptcha/api.js"></script>
    352. 

  352. 					<div style="display: inline-block;" class="g-recaptcha" data-sitekey="<?php echo $settings['recaptcha_site_key']; ?>"></div>
    353. 

  353. 				</td>
    354. 

  354. 			</tr>
    355. 

  355. 			<?php
    356. 

  356. 				}
    357. 

  357. 			?>
    358. 

  358. 			<tr>
    359. 

  359. 				<td><input type="submit" name="login" value="<?php print_lang('login_button'); ?>" /></td>
    360. 

  360. 				<td><a href="?m=lostpwd<?php echo $lang_switch; ?>"><?php print_lang('lost_passwd'); ?></a></td>
    361. 

  361. 			</tr>
    362. 

  362. 		</table>
    363. 

  363. 		</form>
    364. 

  364. 		<script language="JavaScript">
    365. 

  365. 			document.login_form.ulogin.focus();
    366. 

  366. 		</script> 
    367. 

  367. 		<br>
    368. 

  368. 		</div>
    369. 

  369. 		</td>
    370. 

  370. 	  </tr>
    371. 

  371. 	</table>
    372. 

  372. 	<?php
    373. 

  373. 	}
    374. 

  374. 	?>
    375. 

  375. 	<div class="clear"></div>	
    376. 

  376. 	%botbody%
    377. 

  377. 	%bottom%
    378. 

  378. <?php
    379. 

  379. }
    380. 

  380. ?>
    381.