Home Esplora Aiuto
Accedi
yosoyhendrix
/
OGP-Website
mirror da https://github.com/OpenGamePanel/OGP-Website
1
0
Forka 0
File Problemi 0 Wiki
Albero (Tree): f43a44ccdc
Rami (Branch) Tag
OGP-Website
/
index.php

index.php 12 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371 
  1. <?php
    2. 

  2. /*
    3. 

  3.  *
    4. 

  4.  * OGP - Open Game Panel
    5. 

  5.  * Copyright (C) Copyright (C) 2008 - 2013 The OGP Development Team
    6. 

  6.  *
    7. 

  7.  * http://www.opengamepanel.org/
    8. 

  8.  *
    9. 

  9.  * This program is free software; you can redistribute it and/or
    10. 

  10.  * modify it under the terms of the GNU General Public License
    11. 

  11.  * as published by the Free Software Foundation; either version 2
    12. 

  12.  * of the License, or any later version.
    13. 

  13.  *
    14. 

  14.  * This program is distributed in the hope that it will be useful,
    15. 

  15.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    16. 

  16.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    17. 

  17.  * GNU General Public License for more details.
    18. 

  18.  *
    19. 

  19.  * You should have received a copy of the GNU General Public License
    20. 

  20.  * along with this program; if not, write to the Free Software
    21. 

  21.  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
    22. 

  22.  *
    23. 

  23.  */
    24. 

  24.  
    25. 

  25. // Report all PHP errors
    26. 

  26. error_reporting(E_ERROR);
    27. 

  27. 

  28. // Path definitions
    29. 

  29. define("IMAGES", "images/");
    30. 

  30. define("INCLUDES", "includes/");
    31. 

  31. define("MODULES", "modules/");
    32. 

  32. 

  33. define("CONFIG_FILE","includes/config.inc.php");
    34. 

  34. 

  35. require_once("includes/functions.php");
    36. 

  36. require_once("includes/helpers.php");
    37. 

  37. require_once("includes/html_functions.php");
    38. 

  38. 

  39. // Start the session valid for opengamepanel_web only
    40. 

  40. startSession();
    41. 

  41. 

  42. // Useful for debugging :)
    43. 

  43. // echo "<p>Session ID is " . session_id() . "</p>";
    44. 

  44. // echo "<p>Lifetime is: " . $cookie_lifetime . "<br />Dir is " . rtrim(dirname($_SERVER["SCRIPT_NAME"]),"/") . "/" . "<br /> Session cookie domain path is " . $session_cookie_domain_path . "<br />SSL is " . $ssl . "</p>";
    45. 

  45. 

  46. //Config Check
    47. 

  47. $config_inc_readable = is_readable(CONFIG_FILE);
    48. 

  48. if ( !$config_inc_readable && file_exists("install.php") ) {
    49. 

  49. 	header('Location: install.php');
    50. 

  50. 	exit();
    51. 

  51. }
    52. 

  52. if ( '' == file_get_contents(CONFIG_FILE) ) { 
    53. 

  53. 	header('Location: install.php');
    54. 

  54. 	exit();
    55. 

  55. }
    56. 

  56. 

  57. require_once CONFIG_FILE;
    58. 

  58. // Connect to the database server and select database.
    59. 

  59. $db = createDatabaseConnection($db_type, $db_host, $db_user, $db_pass, $db_name, $table_prefix);
    60. 

  60. $settings = $db->getSettings();
    61. 

  61. @$GLOBALS['panel_language'] = $settings['panel_language'];
    62. 

  62. 

  63. // Load languages.
    64. 

  64. include_once("includes/lang.php");
    65. 

  65. ogpLang();
    66. 

  66. 

  67. require_once("includes/view.php");
    68. 

  68. $view = new OGPView();
    69. 

  69. $view->setCharset( lang_charset );
    70. 

  70. if(isset($_GET['type']) && $_GET['type'] == 'cleared')
    71. 

  71. {
    72. 

  72. 	heading(true);
    73. 

  73. 	$view->printView(true);
    74. 

  74. }
    75. 

  75. else
    76. 

  76. {
    77. 

  77. 	ogpHome();
    78. 

  78. 	$view->printView();
    79. 

  79. }
    80. 

  80. 

  81. function heading()
    82. 

  82. {
    83. 

  83. 

  84. 	global $db,$view,$settings;
    85. 

  85. 	
    86. 

  86. 	$view->setCharset( lang_charset );
    87. 

  87. 	$view->setTimeZone($settings['time_zone']);
    88. 

  88. 	
    89. 

  89. 	if ( !file_exists(CONFIG_FILE) )
    90. 

  90.     {
    91. 

  91.         print_failure( failed_to_read_config );
    92. 

  92.         $view->refresh("index.php");
    93. 

  93.         return;
    94. 

  94.     }
    95. 

  95.     // Start Output Buffering
    96. 

  96.     	
    97. 

  97. 	if( isset($settings['maintenance_mode']) && $settings['maintenance_mode'] == "1" )
    98. 

  98. 	{
    99. 

  99. 		if ($_SESSION['users_group'] != "admin" )
    100. 

  100. 		{
    101. 

  101. 			echo "<h2>".$settings['maintenance_title']."</h2>";
    102. 

  102. 			echo "<p>".$settings['maintenance_message']."</p>";
    103. 

  103. 			$view->setTitle("OGP: Maintenance.");
    104. 

  104. 			echo "<p class='failure'>". logging_out_10 ."...</p>";
    105. 

  105. 			$view->refresh("index.php", 10);
    106. 

  106. 			session_destroy();
    107. 

  107. 			return;
    108. 

  108. 		}
    109. 

  109. 	}
    110. 

  110. 	include "includes/navig.php";
    111. 

  111. 	if(isset($maintenance))echo $maintenance;
    112. 

  112. }
    113. 

  113. 

  114. function ogpHome()
    115. 

  115. {
    116. 

  116.     global $db,$view,$settings;
    117. 

  117. 	
    118. 

  118. 	if( isset($_GET['lang']) AND $_GET['lang'] != "-")
    119. 

  119. 		$lang = $_GET['lang'];
    120. 

  120. 	elseif( isset($settings['panel_language']) )
    121. 

  121. 		$lang = $settings['panel_language'];
    122. 

  122. 	else
    123. 

  123. 		$lang = "English";
    124. 

  124. 	
    125. 

  125. 	$locale_files = makefilelist("lang/", ".|..|.svn", true, "folders");
    126. 

  126. 	$lang_sel = "<select name='lang' onchange=\"this.form.submit();\" >\n".
    127. 

  127. 				"<option>-</option>\n";
    128. 

  128. 	for ($i=0;$i < count($locale_files);$i++) 
    129. 

  129. 	{
    130. 

  130. 		$selected = ( isset( $_GET['lang'] ) AND $_GET['lang'] != "-" AND $_GET['lang'] == $locale_files[$i] ) ? "selected='selected'" : "";
    131. 

  131. 		$lang_sel .= "<option $selected value='".$locale_files[$i]."' >".$locale_files[$i]."</option>\n";
    132. 

  132. 	}
    133. 

  133. 	$lang_sel .= "</select>\n";
    134. 

  134. 	$lang_switch = ( isset( $_GET['lang'] ) AND $_GET['lang'] != "-" ) ? "&amp;lang=" . $_GET['lang'] : "";
    135. 

  135. 	?>
    136. 

  136. 	%top%
    137. 

  137. 	<div class="menu-bg">
    138. 

  138. 		<div class="menu">
    139. 

  139. 		<ul>
    140. 

  140. 		<li><a href="index.php<?php echo preg_replace( "/\&amp;/", "?", $lang_switch ); ?>" <?php if (!isset($_GET['m'])) echo 'class="admin_menu_link_selected"'; else echo 'class="admin_menu_link"'; ?> target="_self" ><span class="controlpanellogin"><?php echo login_title; ?></span></a></li>
    141. 

  141. <?php
    142. 

  142. 	$menus = $db->getMenusForGroup('guest');
    143. 

  143. 	if(!empty($menus))
    144. 

  144. 	{
    145. 

  145. 		foreach ( $menus as $menu )
    146. 

  146. 		{
    147. 

  147. 			$module = $menu['module'];
    148. 

  148. 			if ( !empty( $menu['subpage'] ) )
    149. 

  149. 			{
    150. 

  150. 				$subpage = "&amp;p=".$menu['subpage'];
    151. 

  151. 				$button = $menu['subpage'];
    152. 

  152. 				if (isset($_GET['p']) AND $_GET['p'] == $menu['subpage'] ) $menu_link_class = 'user_menu_link_selected'; else $menu_link_class = 'user_menu_link';
    153. 

  153. 			}
    154. 

  154. 			else
    155. 

  155. 			{
    156. 

  156. 				$subpage = "";
    157. 

  157. 				$button = $menu['module'];
    158. 

  158. 				if (isset($_GET['m']) AND $_GET['m'] == $menu['module'] ) $menu_link_class = 'user_menu_link_selected'; else $menu_link_class = 'user_menu_link';
    159. 

  159. 			}
    160. 

  160. 						
    161. 

  161. 			$button_url = "?m=".$module.$subpage.$lang_switch;
    162. 

  162. 			
    163. 

  163. 			if ( preg_match( '/\\_?\\_/', get_lang("$button") ) )
    164. 

  164. 			{
    165. 

  165. 				$button_name = $menu['menu_name'];
    166. 

  166. 			}
    167. 

  167. 			else
    168. 

  168. 			{
    169. 

  169. 				$button_name = get_lang("$button");
    170. 

  170. 			}
    171. 

  171. 			
    172. 

  172. 			echo "<li><a class='".$menu_link_class."' href='".$button_url."'><span class='$button'>$button_name</span></a>
    173. 

  173. 				  </li>\n";
    174. 

  174. 		}
    175. 

  175. 	}
    176. 

  176. ?>
    177. 

  177. 		</ul>
    178. 

  178. 		</div>
    179. 

  179. 	</div>
    180. 

  180. 	%topbody%
    181. 

  181. 	<?php 
    182. 

  182. 	if (isset($_GET['m']))
    183. 

  183. 	{
    184. 

  184. 		heading();
    185. 

  185. 		//tagged for future use...
    186. 

  186. 		/*
    187. 

  187. 			$postdata = "";
    188. 

  188. 			foreach($_POST as $key =>$value)
    189. 

  189. 				$postdata .= ",'$key': '$value'";
    190. 

  190. 			$postdata = substr($postdata,1);
    191. 

  191. 			$postdata = "{".$postdata."}";
    192. 

  192. 		*/
    193. 

  193. 	}
    194. 

  194. 	else
    195. 

  195. 	{
    196. 

  196. 		$default_page = $db->isModuleInstalled('dashboard') ? "m=dashboard&amp;p=dashboard" : "m=gamemanager&p=game_monitor";
    197. 

  197. 		if ( isset($_SESSION['users_login']) )
    198. 

  198. 		{
    199. 

  199. 			$userInfo = $db->getUser($_SESSION['users_login']);
    200. 

  200. 			if( isset($_SESSION['users_passwd']) AND !empty($_SESSION['users_passwd']) AND $_SESSION['users_passwd'] == $userInfo['users_passwd'])
    201. 

  201. 			{
    202. 

  202. 				print_success( already_logged_in_redirecting_to_dashboard .".");
    203. 

  203. 				$view->refresh("home.php?$default_page",2);
    204. 

  204. 				echo "%botbody%
    205. 

  205. 					  %bottom%";
    206. 

  206. 				return;
    207. 

  207. 			}
    208. 

  208. 		}
    209. 

  209. 		
    210. 

  210. 		if ( isset($_POST['login']) )
    211. 

  211. 		{
    212. 

  212. 			$client_ip = getClientIPAddress();
    213. 

  213. 			
    214. 

  214. 			$ban_list = $db->resultQuery("SHOW TABLES LIKE 'OGP_DB_PREFIXban_list';");
    215. 

  215. 			if ( empty( $ban_list ) )
    216. 

  216. 			{
    217. 

  217. 				$db->query("CREATE TABLE IF NOT EXISTS `OGP_DB_PREFIXban_list` (
    218. 

  218. 							`client_ip` varchar(255) NOT NULL,
    219. 

  219. 							`logging_attempts` int(11) NOT NULL DEFAULT '0',
    220. 

  220. 							`banned_until` varchar(16) NOT NULL DEFAULT '0',
    221. 

  221. 							 PRIMARY KEY (`client_ip`)
    222. 

  222. 							) ENGINE=MyISAM DEFAULT CHARSET=latin1;");
    223. 

  223. 			}
    224. 

  224. 			
    225. 

  225. 			$banlist_info = $db->resultQuery("SELECT logging_attempts, banned_until FROM `OGP_DB_PREFIXban_list` WHERE client_ip='".$client_ip."';");
    226. 

  226. 			$login_attempts = !$banlist_info ? 0 : $banlist_info['0']['logging_attempts'];
    227. 

  227. 			
    228. 

  228. 			if( !$banlist_info )
    229. 

  229. 				$db->query("INSERT INTO `OGP_DB_PREFIXban_list` (`client_ip`) VALUES('$client_ip');");
    230. 

  230. 

  231. 			if( $banlist_info AND $banlist_info['0']['banned_until'] > 0 AND $banlist_info['0']['banned_until'] <= time() )
    232. 

  232. 			{
    233. 

  233. 				$db->query("UPDATE `OGP_DB_PREFIXban_list` SET logging_attempts='0', banned_until='0' WHERE client_ip='$client_ip';");
    234. 

  234. 				$login_attempts = 0;
    235. 

  235. 			}
    236. 

  236. 			
    237. 

  237. 			if( $login_attempts == $settings["login_attempts_before_banned"] )
    238. 

  238. 			{
    239. 

  239. 				print_failure("Banned until " . date("r",$banlist_info['0']['banned_until']));
    240. 

  240. 				echo "%botbody%
    241. 

  241. 					  %bottom%";
    242. 

  242. 				return;
    243. 

  243. 			}
    244. 

  244. 						
    245. 

  245. 			$userInfo = $db->getUser($_POST['ulogin']);
    246. 

  246. 			
    247. 

  247. 			// If result matched $myusername and $mypassword, table row must be 1 row
    248. 

  248. 			if( isset($userInfo['users_passwd']) && md5($_POST['upassword']) == $userInfo['users_passwd'])
    249. 

  249. 			{
    250. 

  250. 				// Handle recaptcha if enabled
    251. 

  251. 				// But admins don't have to do this :)
    252. 

  252. 				if($settings['recaptcha_use_login'] == "1" && !empty($settings['recaptcha_site_key']) && !empty($settings['recaptcha_secret_key']) && $userInfo['users_role'] != "admin"){
    253. 

  253. 					$gRecaptchaResponse = sanitizeInputStr($_REQUEST['g-recaptcha-response']);
    254. 

  254. 					
    255. 

  255. 					$sitekey = $settings['recaptcha_site_key'];
    256. 

  256. 					$secretkey = $settings['recaptcha_secret_key'];
    257. 

  257. 		
    258. 

  258. 					require_once('includes/classes/recaptcha/autoload.php');
    259. 

  259. 					$recaptcha = new \ReCaptcha\ReCaptcha($secretkey);
    260. 

  260. 					$resp = $recaptcha->verify($gRecaptchaResponse, $client_ip);
    261. 

  261. 

  262. 					if (empty($gRecaptchaResponse) || !$resp->isSuccess()){
    263. 

  263. 						print_failure("Recaptcha failed. Try again!");
    264. 

  264. 						$view->refresh("index.php",5);
    265. 

  265. 						return; 
    266. 

  266. 					}
    267. 

  267. 				}
    268. 

  268. 				
    269. 

  269. 				$_SESSION['user_id'] = $userInfo['user_id'];
    270. 

  270. 				$_SESSION['users_login'] = $userInfo['users_login'];
    271. 

  271. 				$_SESSION['users_passwd'] = $userInfo['users_passwd'];
    272. 

  272. 				$_SESSION['users_group'] = $userInfo['users_role'];
    273. 

  273. 				$_SESSION['users_lang'] = isset( $_GET['lang'] ) ? $_GET['lang'] : $userInfo['users_lang'];
    274. 

  274. 				$_SESSION['users_theme'] = $userInfo['users_theme'];
    275. 

  275. 				print_success( logging_in ."...");
    276. 

  276. 				$db->logger( logging_in ."...");
    277. 

  277. 				$db->query("UPDATE `OGP_DB_PREFIXban_list` SET logging_attempts='0', banned_until='0' WHERE client_ip = '$client_ip';");
    278. 

  278. 				$view->refresh("home.php?$default_page",2);
    279. 

  279. 			}
    280. 

  280. 			else
    281. 

  281. 			{
    282. 

  282. 				print_failure( bad_login );
    283. 

  283. 				$login_attempts++;
    284. 

  284. 				if( $login_attempts == $settings["login_attempts_before_banned"] )
    285. 

  285. 				{
    286. 

  286. 					$banned_until = time() + 300; // Five minutes banned from the panel.
    287. 

  287. 					$banlist_info['0']['banned_until'] = $banned_until;
    288. 

  288. 					$db->logger( bad_login . " ( Banned until " . date("r", $banned_until) . " ) [ " . login . ": $_POST[ulogin], " . password . ": $_POST[upassword] ]" );
    289. 

  289. 					$db->query("UPDATE `OGP_DB_PREFIXban_list` SET logging_attempts='$login_attempts', banned_until='$banned_until' WHERE client_ip='$client_ip';");
    290. 

  290. 					print_failure("Banned until " . date("r",$banlist_info['0']['banned_until']));
    291. 

  291. 				}
    292. 

  292. 				else
    293. 

  293. 				{
    294. 

  294. 					$db->logger( bad_login . " ( $login_attempts ) [ " . login . ": $_POST[ulogin], " . password . ": $_POST[upassword] ]" );
    295. 

  295. 					$db->query("UPDATE `OGP_DB_PREFIXban_list` SET logging_attempts='$login_attempts' WHERE client_ip='$client_ip';");
    296. 

  296. 					$view->refresh("index.php",2);
    297. 

  297. 				}
    298. 

  298. 			}
    299. 

  299. 			echo "%botbody%
    300. 

  300. 				  %bottom%";
    301. 

  301. 			return;
    302. 

  302. 		}
    303. 

  303. 	?>
    304. 

  304. 	<!-- Made for Revolution Theme v2 -->
    305. 

  305. 	<style type="text/css">
    306. 

  306. 	div.main-content {
    307. 

  307. 		background:transparent;
    308. 

  308. 		border:none;
    309. 

  309. 		padding:0;
    310. 

  310. 		border-radius:0px;
    311. 

  311. 		-moz-border-radius:0px;
    312. 

  312. 	}
    313. 

  313. 	</style>
    314. 

  314. 	<table style='width:200px' align='center'>
    315. 

  315. 	  <tr style='background-color:transparent;' >
    316. 

  316. 		<td style='background-color:transparent;' >
    317. 

  317. 		<div class='bloc' >
    318. 

  318. 		<h4><?php print_lang('login_title'); ?></h4>
    319. 

  319. 		<br>
    320. 

  320. 		<form action="index.php<?php echo preg_replace( "/\&amp;/", "?", $lang_switch ); ?>" name="login_form" method="post">
    321. 

  321. 		<table>
    322. 

  322. 			<tr>
    323. 

  323. 				<td><?php print_lang('lang'); ?>:</td>
    324. 

  324. 				<td><?php echo $lang_sel; ?></td>
    325. 

  325. 			</tr>
    326. 

  326. 			<tr>
    327. 

  327. 				<td><?php print_lang('login'); ?>:</td>
    328. 

  328. 				<td><input type="text" name="ulogin" id="ulogin" value="" size="20" /></td>
    329. 

  329. 			</tr>
    330. 

  330. 			<tr>
    331. 

  331. 				<td><?php print_lang('password'); ?>:</td>
    332. 

  332. 				<td><input type="password" name="upassword" value="" size="20" /></td>
    333. 

  333. 			</tr>
    334. 

  334. 			<?php 
    335. 

  335. 				if($settings['recaptcha_use_login'] == "1" && !empty($settings['recaptcha_site_key']) && !empty($settings['recaptcha_secret_key'])){
    336. 

  336. 			?>
    337. 

  337. 			<tr>
    338. 

  338. 				<td><?php print_lang('solve_captcha'); ?>:</td>
    339. 

  339. 				<td>
    340. 

  340. 					<script src="https://www.google.com/recaptcha/api.js"></script>
    341. 

  341. 					<div style="display: inline-block;" class="g-recaptcha" data-sitekey="<?php echo $settings['recaptcha_site_key']; ?>"></div>
    342. 

  342. 				</td>
    343. 

  343. 			</tr>
    344. 

  344. 			<?php
    345. 

  345. 				}
    346. 

  346. 			?>
    347. 

  347. 			<tr>
    348. 

  348. 				<td><input type="submit" name="login" value="<?php print_lang('login_button'); ?>" /></td>
    349. 

  349. 				<td><a href="?m=lostpwd<?php echo $lang_switch; ?>"><?php print_lang('lost_passwd'); ?></a></td>
    350. 

  350. 			</tr>
    351. 

  351. 		</table>
    352. 

  352. 		</form>
    353. 

  353. 		<script language="JavaScript">
    354. 

  354. 			document.login_form.ulogin.focus();
    355. 

  355. 		</script> 
    356. 

  356. 		<br>
    357. 

  357. 		</div>
    358. 

  358. 		</td>
    359. 

  359. 	  </tr>
    360. 

  360. 	</table>
    361. 

  361. 	<?php
    362. 

  362. 	}
    363. 

  363. 	?>
    364. 

  364. 	<div class="clear"></div>	
    365. 

  365. 	%botbody%
    366. 

  366. 	%bottom%
    367. 

  367. <?php
    368. 

  368. }
    369. 

  369. 

  370. //
    371. 

  371. ?>
    372.