query("
SELECT
code,
name
FROM
hlstats_Games
WHERE
hidden='0'
ORDER BY
name ASC
LIMIT 0,1
");
list($game) = $db->fetch_row($resultGames);
}
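/**
 * Login gate for the admin pages.
 *
 * Running the constructor logic authenticates the request, either from the
 * posted login form (authusername / authpassword / authsavepass) or from the
 * values an earlier successful login left in $_SESSION. $ok is true only
 * after a successful check, $error holds the message to display (or false),
 * and $userdata holds the matching hlstats_Users row.
 */
class Auth
{
    var $ok = false;
    var $error = false;
    var $username, $password, $savepass;
    var $sessionStart, $session;
    var $userdata = array();

    /**
     * PHP 4-style constructor (method named after the class).
     *
     * PHP 8 no longer treats such a method as a constructor, so `new Auth`
     * there would skip this logic entirely and leave $ok at false.
     */
    function Auth()
    {
        //@session_start();

        // isset() first: a request without the login field must not raise an
        // undefined-index notice before falling through to the session branch.
        if (isset($_POST['authusername']) && valid_request($_POST['authusername'], 0))
        {
            $this->username = valid_request($_POST['authusername'], 0);
            $this->password = valid_request($_POST['authpassword'], 0);
            $this->savepass = valid_request($_POST['authsavepass'], 0);
            $this->sessionStart = 0;

            # clear POST vars so as not to confuse the receiving page
            $_POST = array();

            $this->session = false;

            if ($this->checkPass() == true)
            {
                // if we have success, save it in this users SESSION
                // NOTE(review): the session id is not rotated on login in this
                // block; confirm session_regenerate_id() is called wherever the
                // session is started, otherwise a pre-login id stays valid.
                $_SESSION['username'] = $this->username;
                // NOTE(review): the clear-text password is kept in the session
                // so it can be re-checked on every request. Anything that can
                // read session storage can read it; storing only the user id
                // and re-reading the account row would avoid that.
                $_SESSION['password'] = $this->password;
                $_SESSION['authsessionStart'] = time();
                $_SESSION['acclevel'] = $this->userdata['acclevel'];
            }
        }
        elseif (isset($_SESSION['loggedin']))
        {
            // Returning user: credentials come from the session and are
            // verified against the database again.
            $this->username = $_SESSION['username'];
            $this->password = $_SESSION['password'];
            $this->savepass = 0;
            $this->sessionStart = $_SESSION['authsessionStart'];
            $this->ok = true;
            $this->error = false;
            $this->session = true;

            if (!$this->checkPass())
            {
                unset($_SESSION['loggedin']);
            }
        }
        else
        {
            // Neither a login attempt nor a logged-in session: show the form.
            $this->ok = false;
            $this->error = false;
            $this->session = false;
            $this->printAuth();
        }
    }

    /**
     * Check $this->username / $this->password against hlstats_Users.
     *
     * Sets $ok, $error, $userdata and $_SESSION['loggedin'], and prints the
     * login form through printAuth() on every failure path.
     *
     * @return bool true when the credentials match and the session is still
     *              inside its one-hour window (or was just created)
     */
    function checkPass()
    {
        global $db;

        // Escape at the point of use. valid_request() is defined elsewhere and
        // the session copy of the username never passes through it here, so
        // the query must not depend on upstream filtering.
        $db->query("
            SELECT
                *
            FROM
                hlstats_Users
            WHERE
                username='" . $db->escape($this->username) . "'
            LIMIT 1
        ");

        if ($db->num_rows() == 1)
        {
            // The username is OK
            $this->userdata = $db->fetch_array();
            $db->free_result();

            // Strict comparison: with ==, two different digests that both look
            // like numbers ("0e" followed by digits) compare as equal.
            // NOTE(review): unsalted MD5 is not a password hash. Moving to
            // password_hash()/password_verify() needs a migration of the stored
            // values and of the code that writes them, so it is not done here.
            if (md5($this->password) === (string) $this->userdata['password'])
            {
                // The username and the password are OK
                $this->ok = true;
                $this->error = false;
                $_SESSION['loggedin'] = 1;

                if ($this->sessionStart > (time() - 3600))
                {
                    // Session started less than an hour ago. doCookies() is a
                    // no-op, so the start time is not refreshed: the window is
                    // one hour from login, not one hour of inactivity.
                    $this->doCookies();
                    return true;
                }
                elseif ($this->sessionStart)
                {
                    // A session exists but has expired
                    if ($this->savepass)
                    {
                        // They selected 'Save my password' so we just
                        // generate a new session and show the page.
                        $this->doCookies();
                        return true;
                    }

                    $this->ok = false;
                    $this->error = 'Your session has expired. Please try again.';
                    $this->password = '';
                    $this->printAuth();
                    return false;
                }
                elseif (!$this->session)
                {
                    // No session and no cookies, but the user/pass was
                    // POSTed, so this is a fresh login.
                    $this->doCookies();
                    return true;
                }

                // No session start time although the values came from the
                // session, so we force auth
                $this->printAuth();
                return false;
            }

            // The username is OK but the password is wrong
            $this->ok = false;
            if ($this->session)
            {
                // Values came from the session, not from the form - not an error
                $this->error = false;
            }
            else
            {
                // NOTE(review): this message and the one for an unknown
                // username differ, which tells a caller which accounts exist.
                $this->error = 'The password you supplied is incorrect.';
            }
            $this->password = '';
            $this->printAuth();
            // Explicit false instead of falling off the end of the function.
            return false;
        }

        // The username is wrong
        $this->ok = false;
        $this->error = 'The username you supplied is not valid.';
        $this->printAuth();
        return false;
    }

    /**
     * Intentionally does nothing.
     *
     * The statements that used to follow the unconditional return wrote the
     * username and the clear-text password into cookies. They could never
     * run and have been removed so they cannot be re-enabled by accident.
     */
    function doCookies()
    {
        return;
    }

    /**
     * Render the login form by including the adminauth page.
     */
    function printAuth()
    {
        // $g_options is pulled into scope for the included template.
        global $g_options;

        include (PAGE_PATH . '/adminauth.php');
    }
}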
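/**
 * One entry of the admin task menu.
 *
 * $acclevel is the access level attached to the task and $type its category;
 * both are plain values that the code building the menu reads.
 */
class AdminTask
{
    var $title = '';
    var $acclevel = 0;
    var $type = '';
    var $description = '';
    // Declared because the constructor assigns it; creating it as a dynamic
    // property is deprecated as of PHP 8.2.
    var $group = '';

    /**
     * PHP 4-style constructor: copies the arguments onto the object.
     *
     * @param string $title       label of the task
     * @param int    $acclevel    access level attached to the task
     * @param string $type        task category, 'general' by default
     * @param string $description optional longer text
     * @param string $group       optional group name
     */
    function AdminTask($title, $acclevel, $type = 'general', $description = '', $group = '')
    {
        $this->title = $title;
        $this->acclevel = $acclevel;
        $this->type = $type;
        $this->description = $description;
        $this->group = $group;
    }
}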
class EditList
{
var $columns;
var $keycol;
var $table;
var $deleteCallback;
var $icon;
var $showid;
var $drawDetailsLink;
var $DetailsLink;
var $errors;
var $newerror;
var $helpTexts;
var $helpKey;
var $helpDIV;
/**
 * PHP 4-style constructor: remembers which table the list edits and how it
 * is presented. The column definitions ($this->columns) are not set here.
 *
 * @param string        $keycol          name of the key column of $table
 * @param string        $table           table the list reads and writes
 * @param string        $icon            icon shown with the list
 * @param bool          $showid          whether the key value is displayed
 * @param bool          $drawDetailsLink whether a details link is drawn
 * @param string        $DetailsLink     target of that link
 * @param callable|null $deleteCallback  called with the row id before a row is deleted
 */
function EditList($keycol, $table, $icon, $showid = true, $drawDetailsLink = false, $DetailsLink = '', $deleteCallback = null)
{
    // Where the data lives.
    $this->table = $table;
    $this->keycol = $keycol;
    $this->deleteCallback = $deleteCallback;

    // How it is drawn.
    $this->icon = $icon;
    $this->showid = $showid;
    $this->DetailsLink = $DetailsLink;
    $this->drawDetailsLink = $drawDetailsLink;

    // No help column until setHelp() is called.
    $this->helpKey = '';
}
/**
 * Store the help configuration and return the placeholder text for it.
 *
 * @param mixed $div   stored as $this->helpDIV
 * @param mixed $key   stored as $this->helpKey; an empty value disables help
 * @param mixed $texts stored as $this->helpTexts
 * @return string empty when $key is empty, otherwise the placeholder string
 */
function setHelp($div, $key, $texts)
{
    $this->helpTexts = $texts;
    $this->helpKey = $key;
    $this->helpDIV = $div;

    // Loose comparison on purpose: null and '' both mean "no help".
    if ($this->helpKey == '')
    {
        return '';
    }

    $placeholder = "\n";
    $placeholder .= '
No help text available
';

    return $placeholder;
}
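/**
 * Apply the posted edit-list form to $this->table.
 *
 * In this order:
 *  1. the "new_<column>" fields are validated and, when usable, inserted as
 *     a new row;
 *  2. every id in $_POST['rows'] whose "<id>_delete" field is set is deleted,
 *     after $this->deleteCallback (when callable) was called with the id;
 *  3. every other listed id is updated from its "<id>_<column>" fields.
 *
 * Values pass through $db->escape() before they are placed in SQL. Table,
 * key and column names are interpolated as they are, so they must only come
 * from the code that configures the list, never from the request.
 *
 * @return bool true when error() reports nothing, false otherwise
 */
function update()
{
    global $db;

    $ipv4Pattern = '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/';

    $okcols = 0;
    // Start from empty strings: the original appended to and tested these
    // before they were ever assigned.
    $qcols = '';
    $qvals = '';

    foreach ($this->columns as $col)
    {
        $value = mystripslashes($_POST["new_$col->name"]);

        // legacy code that should have never been here. these should never be html-escaped in the db.
        // if there's a problem with removing this, it needs to be fixed on the web/display end
        // -psychonic
        //
        // (The disabled htmlspecialchars() call is gone. Values are stored as
        // submitted, so every page that prints them has to encode on output.)

        if ($value != '')
        {
            // The pattern checks the dotted shape only; octets are not range-checked.
            if ($col->type == 'ipaddress' && !preg_match($ipv4Pattern, $value))
            {
                $this->errors[] = "Column '$col->title' requires a valid IP address for new row";
                $this->newerror = true;
                // Keeps $okcols non-zero so the reset branch below does not
                // clear the error that was just recorded.
                $okcols++;
            }
            else
            {
                if ($qcols)
                {
                    $qcols .= ', ';
                }
                $qcols .= $col->name;

                if ($qvals)
                {
                    $qvals .= ', ';
                }

                // NOTE(review): unsalted MD5, kept because Auth::checkPass()
                // compares against md5() of the submitted password.
                if ($col->type == 'password' && $col->name != 'rcon_password')
                {
                    $value = md5($value);
                }
                $qvals .= "'" . $db->escape($value) . "'";

                // A column only counts as "filled in" when it is a free-form
                // field whose value differs from the column's datasource.
                if ($col->type != 'select' && $col->type != 'hidden' && $value != $col->datasource)
                {
                    $okcols++;
                }
            }
        }
        elseif ($col->required)
        {
            $this->errors[] = "Required column '$col->title' must have a value for new row";
            $this->newerror = true;
        }
    }

    if ($okcols > 0 && !$this->errors)
    {
        $db->query("
            INSERT INTO
                $this->table
                (
                    $qcols
                )
            VALUES
                (
                    $qvals
                )");
    }
    elseif ($okcols == 0)
    {
        // Nothing was entered for a new row: drop the "required" errors
        // collected above.
        $this->errors = array();
        $this->newerror = false;
    }

    if (!isset($_POST['rows']) || !is_array($_POST['rows']))
    {
        return true;
    }

    foreach ($_POST['rows'] as $row)
    {
        // !empty() is the same truthiness test without the undefined-index notice.
        if (!empty($_POST[$row . '_delete']))
        {
            if (!empty($this->deleteCallback) && is_callable($this->deleteCallback))
            {
                // The callback receives the raw, unescaped row id.
                call_user_func($this->deleteCallback, $row);
            }

            $db->query("
                DELETE FROM
                    $this->table
                WHERE
                    $this->keycol='" . $db->escape($row) . "'
            ");
            continue;
        }

        $rowerror = false;
        $query = "UPDATE $this->table SET ";
        $i = 0;

        foreach ($this->columns as $col)
        {
            if ($col->type == 'readonly')
            {
                continue;
            }

            $value = mystripslashes($_POST[$row . "_" . $col->name]);

            // Values are stored as submitted here as well (see the note in the
            // insert loop); encoding is the display side's job.

            // The original condition, $value == ('' || null), reduced to
            // $value == false. empty() matches the same values and says so.
            if ($col->type == 'checkbox' && empty($value))
            {
                $value = '0';
            }

            // Untouched password field: leave the stored hash alone.
            if ($col->type == 'password' && $value == '(encrypted)')
            {
                continue;
            }

            if ($value == '' && $col->required)
            {
                $this->errors[] = "Required column '$col->title' must have a value for row '$row'";
                $rowerror = true;
            }
            elseif ($col->type == "ipaddress" && !preg_match($ipv4Pattern, $value))
            {
                $this->errors[] = "Column '$col->title' requires a valid IP address for row '$row'";
                $rowerror = true;
            }

            // Hashed password columns: an empty submission means "no change".
            // Without this a blank field was stored as md5(''), leaving an
            // account whose password is the empty string. The insert loop
            // above already ignores empty values.
            if ($value == '' && $col->type == 'password' && $col->name != 'rcon_password')
            {
                continue;
            }

            if ($i > 0)
            {
                $query .= ', ';
            }

            if ($col->type == 'password' && $col->name != 'rcon_password')
            {
                // md5() output is hex, so it needs no escaping.
                $query .= $col->name . "='" . md5($value) . "'";
            }
            else
            {
                $query .= $col->name . "='" . $db->escape($value) . "'";
            }
            $i++;
        }

        $query .= " WHERE $this->keycol='" . $db->escape($row) . "'";

        // A row with a validation error is reported and left as it was.
        if (!$rowerror)
        {
            $db->query($query);
        }
    }

    if ($this->error())
    {
        return false;
    }

    return true;
}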
function draw($result, $draw_new = true)
{
global $g_options, $db;
?>
';
if ($this->showid)
{
?>
columns as $col)
{
if ($col->type == 'hidden')
{
continue;
}
echo '
columns as $col)
{
if ($new)
{
$keyval = 'new';
$rowdata[$col->name] = $rowdata["new_$col->name"];
if ($stripslashes)
$rowdata[$col->name] = mystripslashes($rowdata[$col->name]);
}
else
{
$keyval = $rowdata[$this->keycol];
if ($stripslashes)
$keyval = mystripslashes($keyval);
}
if ($col->type != 'hidden')
{
echo '
';
}
if ($i == 0 && !$new)
{
echo '';
}
if ($col->maxlength < 1)
{
$col->maxlength = '';
}
switch ($col->type)
{
case 'select':
unset($coldata);
// for manual datasource in format "key/value;key/value" or "key;key"
foreach (explode(';', $col->datasource) as $v)
{
$sections = preg_match_all('/\//', $v, $dsaljfdsaf);
if ($sections == 2)
{
// for SQL datasource in format "table.column/keycolumn/where"
list($col_table, $col_col) = explode('.', $v);
list($col_col, $col_key, $col_where) = explode('/', $col_col);
if ($col_where)
{
$col_where = "WHERE $col_where";
}
$col_result = $db->query("SELECT $col_key, $col_col FROM $col_table $col_where ORDER BY $col_col");
$coldata = array();
while (list($a, $b) = $db->fetch_row($col_result))
{
$coldata[$a] = $b;
}
}
else if ($sections > 0)
{
list($a, $b) = explode('/', $v);
$coldata[$a] = $b;
}
else
{
$coldata[$v] = $v;
}
}
if ($col->width)
{
$width = ' style="width:' . $col->width * 5 . 'px"';
}
else
{
$width = '';
}
echo "';
break;
case 'checkbox':
$selectedval = '1';
$value = $rowdata[$col->name];
if ($value == $selectedval)
{
$selected = ' checked="checked"';
}
else
{
$selected = '';
}
echo '
name\" value=\"$selectedval\"$selected />
";
break;
case 'hidden':
echo 'name\" value=\"" . htmlspecialchars($col->datasource) . '" />';
break;
case 'readonly':
if (!$new)
{
echo html_entity_decode($rowdata[$col->name]);
break;
}
/* else fall through to default */
default:
if ($col->type == 'password')
{
$onclick = " onclick=\"if (this.value == '(encrypted)') this.value='';\"";
}
if ($col->datasource != '' && !isset($rowdata[$col->name]))
{
$value = $col->datasource;
}
else
{
$value = $rowdata[$col->name];
}
$onClick = '';
if ($this->helpKey != '')
{
$onClick = "onmouseover=\"javascript:showHelp('" . strtolower($rowdata[$this->helpKey]) . "')\" onmouseout=\"javascript:hideHelp()\"";
}
echo "name\" size=$col->width " . "value=\"" . htmlentities(html_entity_decode($value), ENT_COMPAT, 'UTF-8') . "\" class=\"textbox\"" . " maxlength=\"$col->maxlength\"$onclick />";
// doing htmlentities on something that we just decoded is because we need to encode them when we fill out a form, but we don't want to double encode them (some items like rcon are not encoded at all - but server names are)
}
if ($col->type != 'hidden')
{
echo "
\n";
}
$i++;
}
}
/**
 * Validation messages collected so far, as one string.
 *
 * @return string|false the messages joined by the separator below, or false
 *                      when $this->errors is not an array
 */
function error()
{
    if (!is_array($this->errors))
    {
        return false;
    }

    // An empty array yields '', which callers testing truthiness treat as
    // "no error".
    $joined = implode("
\n\n", $this->errors);

    return $joined;
}
}
/**
 * Definition of one column of an EditList: database column name, label,
 * input width, whether a value is required, input type, datasource string
 * and maximum input length.
 */
class EditListColumn
{
    var $name;
    var $title;
    var $width;
    var $required;
    var $type;
    var $datasource;
    var $maxlength;

    /**
     * PHP 4-style constructor: copies the arguments onto the object.
     *
     * @param string $name       database column name
     * @param string $title      label used in the form and in error messages
     * @param int    $width      input width
     * @param bool   $required   whether an empty value is a validation error
     * @param string $type       input type, 'text' by default
     * @param string $datasource datasource string, interpreted per type
     * @param mixed  $maxlength  maximum input length; converted to int
     */
    function EditListColumn($name, $title, $width = 20, $required = false, $type = 'text', $datasource = '', $maxlength = 0)
    {
        // Everything except maxlength is stored exactly as given.
        foreach (compact('name', 'title', 'width', 'required', 'type', 'datasource') as $field => $given)
        {
            $this->$field = $given;
        }

        $this->maxlength = (int) $maxlength;
    }
}
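/**
 * Edits a single row of $table, identified by $keycol = $keyval, through a
 * set of property groups.
 */
class PropertyPage
{
    var $table;
    var $keycol;
    var $keyval;
    var $propertygroups = array();

    /**
     * PHP 4-style constructor.
     *
     * @param string $table  table that holds the row
     * @param string $keycol name of the key column
     * @param mixed  $keyval key value of the row being edited
     * @param array  $groups group objects; each exposes draw() and ->properties
     */
    function PropertyPage($table, $keycol, $keyval, $groups)
    {
        $this->table = $table;
        $this->keycol = $keycol;
        $this->keyval = $keyval;
        $this->propertygroups = $groups;
    }

    /**
     * Draw every group, handing each the same data array.
     */
    function draw($data)
    {
        foreach ($this->propertygroups as $group)
        {
            $group->draw($data);
        }
    }

    /**
     * Write the posted value of every property back to the row.
     *
     * Each value is escaped with $db->escape() before it is placed in the
     * statement. Table, key-column and property names are concatenated as
     * they are and must come from the page definition, not from the request.
     */
    function update()
    {
        global $db;

        $setstrings = array();
        foreach ($this->propertygroups as $group)
        {
            foreach ($group->properties as $prop)
            {
                if ($prop->name == 'name')
                {
                    // Existing filter kept as it was: removes "script", ";"
                    // and "%". It leaves quotes in place, so it is no
                    // substitute for the escaping below, and pages that print
                    // the name still have to encode it on output.
                    $value = preg_replace(array('/script/i', '/;/', '/%/'), '', $_POST[$prop->name]);
                }
                else
                {
                    $value = valid_request($_POST[$prop->name], 0);
                }

                // Escape on both paths. The 'name' path used to reach the
                // query unescaped, and the other path relied on whatever
                // valid_request() happens to filter.
                $setstrings[] = $prop->name . "='" . $db->escape($value) . "'";
            }
        }

        // No properties means nothing to write; "UPDATE ... SET WHERE" would
        // only be a syntax error.
        if (!$setstrings)
        {
            return;
        }

        // $db->escape() replaces mysql_real_escape_string(), which no longer
        // exists in PHP 7 and is tied to the old mysql extension.
        $db->query("
            UPDATE
                " . $this->table . "
            SET
                " . implode(",\n", $setstrings) . "
            WHERE
                " . $this->keycol . "='" . $db->escape($this->keyval) . "'
        ");
    }
}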
class PropertyPage_Group
{
var $title = '';
var $properties = array();
/**
 * PHP 4-style constructor: a titled set of properties.
 *
 * @param string $title      heading of the group
 * @param array  $properties property objects; draw() calls draw() on each
 */
function PropertyPage_Group($title, $properties)
{
    $this->properties = $properties;
    $this->title = $title;
}
function draw($data)
{
global $g_options;
?>
title; ?>
properties as $prop)
{
$prop->draw($data[$prop->name]);
}
?>
name = $name;
$this->title = $title;
$this->type = $type;
$this->datasource = $datasource;
}
function draw($value)
{
global $g_options;
?>
title . ':';
?>
type)
{
case 'textarea':
echo "';
break;
case 'select':
// for manual datasource in format "key/value;key/value" or "key;key"
foreach (explode(';', $this->datasource) as $v)
{
if (preg_match('/\//', $v))
{
list($a, $b) = explode('/', $v);
$coldata[$a] = $b;
}
else
{
$coldata[$v] = $v;
}
}
echo getSelect($this->name, $coldata, $value);
break;
default:
echo "name\" size=35 value=\"" . htmlspecialchars($value) . "\" class=\"textbox\" />";
break;
}
?>
query("
SELECT
name,
code
FROM
hlstats_Games
WHERE
hidden = '0'
ORDER BY
name ASC
;
");
while ($gamedata = $db->fetch_array($gamesresult))
{
$gamename = $gamedata['name'];
$gamecode = $gamedata['code'];
if ($gamecode == $selGame)
{
?>
()
$task)
{
if ($auth->userdata['acclevel'] >= $task->acclevel && $task->type == 'game')
{
if ($selTask == $code)
{
?>
title; ?>