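query(" SELECT code, name FROM hlstats_Games WHERE hidden='0' ORDER BY name ASC LIMIT 0,1 "); list($game) = $db->fetch_row($resultGames); }

/**
 * Admin login gate.
 *
 * Authenticates either from a POSTed login form or from credentials kept in
 * $_SESSION by an earlier successful login, and renders the login page
 * (adminauth.php) when neither succeeds.
 *
 * Security notes (review):
 *  - The clear-text password is written to $_SESSION['password'] and re-checked
 *    on every request, so anyone who can read the session store can read the
 *    password. Storing only a user id / "authenticated" flag would avoid this.
 *  - Stored passwords are unsalted MD5 digests. Moving to password_hash() /
 *    password_verify() with a rehash-on-login migration is the proper fix; it
 *    is not done here because it needs a schema/data migration.
 *  - No session-ID regeneration on successful login is visible in this class;
 *    confirm the code that starts the session does it (session fixation).
 *  - The two failure messages distinguish "unknown user" from "wrong
 *    password", which lets a client enumerate valid usernames.
 *  - valid_request() is defined elsewhere; what it filters is not visible here,
 *    so the query below escapes the username itself.
 */
class Auth
{
    var $ok = false;
    var $error = false;
    var $username, $password, $savepass;
    var $sessionStart, $session;
    var $userdata = array();

    /**
     * Runs the whole login decision at construction time.
     *
     * Order of precedence: POSTed credentials, then an existing logged-in
     * session, otherwise the login form is printed.
     */
    function Auth()
    {
        //@session_start();

        if (valid_request($_POST['authusername'], 0)) {
            $this->username = valid_request($_POST['authusername'], 0);
            $this->password = valid_request($_POST['authpassword'], 0);
            $this->savepass = valid_request($_POST['authsavepass'], 0);
            $this->sessionStart = 0;

            # clear POST vars so as not to confuse the receiving page
            $_POST = array();

            $this->session = false;

            if ($this->checkPass() == true) {
                // if we have success, save it in this users SESSION
                $_SESSION['username'] = $this->username;
                // NOTE(review): clear-text password kept in the session; see class comment.
                $_SESSION['password'] = $this->password;
                $_SESSION['authsessionStart'] = time();
                $_SESSION['acclevel'] = $this->userdata['acclevel'];
            }
        } elseif (isset($_SESSION['loggedin'])) {
            $this->username = $_SESSION['username'];
            $this->password = $_SESSION['password'];
            $this->savepass = 0;
            $this->sessionStart = $_SESSION['authsessionStart'];
            $this->ok = true;
            $this->error = false;
            $this->session = true;

            // Re-verify on every request; drop the login flag if it no longer holds.
            if (!$this->checkPass()) {
                unset($_SESSION['loggedin']);
            }
        } else {
            $this->ok = false;
            $this->error = false;
            $this->session = false;
            $this->printAuth();
        }
    }

    /**
     * Verifies $this->username / $this->password against hlstats_Users.
     *
     * Side effects: fills $this->userdata, sets $this->ok / $this->error,
     * sets $_SESSION['loggedin'] on a password match, and prints the login
     * page on every failure path.
     *
     * @return bool true when the requested page may be shown, false otherwise
     */
    function checkPass()
    {
        global $db;

        // The username is escaped at the point of use rather than relying on
        // whatever filtering happened upstream.
        $db->query(" SELECT * FROM hlstats_Users WHERE username='" . $db->escape($this->username) . "' LIMIT 1 ");

        if ($db->num_rows() == 1) {
            // The username is OK
            $this->userdata = $db->fetch_array();
            $db->free_result();

            // Strict comparison: with loose `==`, two different digests that both
            // look like numbers (e.g. "0e..." strings) compare equal. hash_equals()
            // would additionally be constant-time where the PHP version provides it.
            if (md5($this->password) === $this->userdata["password"]) {
                // The username and the password are OK
                $this->ok = true;
                $this->error = false;
                $_SESSION['loggedin'] = 1;

                if ($this->sessionStart > (time() - 3600)) {
                    // Valid session, update session time & display the page
                    $this->doCookies();
                    return true;
                } elseif ($this->sessionStart) {
                    // A session exists but has expired
                    if ($this->savepass) {
                        // They selected 'Save my password' so we just
                        // generate a new session and show the page.
                        $this->doCookies();
                        return true;
                    } else {
                        $this->ok = false;
                        $this->error = 'Your session has expired. Please try again.';
                        $this->password = '';
                        $this->printAuth();
                        return false;
                    }
                } elseif (!$this->session) {
                    // No session and no cookies, but the user/pass was
                    // POSTed, so we generate cookies.
                    $this->doCookies();
                    return true;
                } else {
                    // No session, user/pass from a cookie, so we force auth
                    $this->printAuth();
                    return false;
                }
            } else {
                // The username is OK but the password is wrong
                $this->ok = false;
                if ($this->session) {
                    // Cookie without 'Save my password' - not an error
                    $this->error = false;
                } else {
                    $this->error = 'The password you supplied is incorrect.';
                }
                $this->password = '';
                $this->printAuth();
                // Previously fell off the end (NULL); callers only test truthiness.
                return false;
            }
        } else {
            // The username is wrong
            $this->ok = false;
            $this->error = 'The username you supplied is not valid.';
            $this->printAuth();
            // Previously fell off the end (NULL); callers only test truthiness.
            return false;
        }
    }

    /**
     * Intentionally a no-op.
     *
     * The body already returned on its first statement. The unreachable code
     * that followed would have written the username and the clear-text
     * password into cookies (up to one year, Secure flag off, no HttpOnly
     * argument); it is removed so it cannot be re-enabled by accident.
     */
    function doCookies()
    {
        return;
    }

    /**
     * Renders the login form template.
     */
    function printAuth()
    {
        global $g_options;

        include (PAGE_PATH . '/adminauth.php');
    }
}

/**
 * Describes one entry of the admin menu: its title, the access level
 * required to use it, its type and an optional description/group.
 */
class AdminTask
{
    var $title = '';
    var $acclevel = 0;
    var $type = '';
    var $description = '';
    // Assigned by the constructor; declared here so the property is not created implicitly.
    var $group = '';

    function AdminTask($title, $acclevel, $type = 'general', $description = '', $group = '')
    {
        $this->title = $title;
        $this->acclevel = $acclevel;
        $this->type = $type;
        $this->description = $description;
        $this->group = $group;
    }
}

/**
 * Editable table of rows from one database table, driven by a list of
 * EditListColumn objects assigned to $columns by the caller.
 */
class EditList
{
    var $columns;
    var $keycol;
    var $table;
    var $deleteCallback;
    var $icon;
    var $showid;
    var $drawDetailsLink;
    var $DetailsLink;
    var $errors;
    var $newerror;
    var $helpTexts;
    var $helpKey;
    var $helpDIV;

    /**
     * $table and $keycol are interpolated into SQL as identifiers elsewhere in
     * this class, so they must come from code, never from request data.
     */
    function EditList($keycol, $table, $icon, $showid = true, $drawDetailsLink = false, $DetailsLink = '', $deleteCallback = null)
    {
        $this->keycol = $keycol;
        $this->table = $table;
        $this->icon = $icon;
        $this->showid = $showid;
        $this->drawDetailsLink = $drawDetailsLink;
        $this->DetailsLink = $DetailsLink;
        $this->helpKey = '';
        $this->deleteCallback = $deleteCallback;
    }

    /**
     * Stores the help configuration and returns the help markup as a string
     * (empty when $key is empty). The markup literal continues past this point.
     */
    function setHelp($div, $key, $texts)
    {
        $this->helpDIV = $div;
        $this->helpKey = $key;
        $this->helpTexts = $texts;

        $returnstr = '';
        if ($this->helpKey != '') {
            $returnstr .= "\n";
            $returnstr .= '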
No help text available
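'; } return $returnstr; }

    /**
     * Applies a submitted edit form to $this->table.
     *
     * 1. Builds one INSERT from the `new_<column>` POST fields, when at least
     *    one meaningful column was filled in and validation passed.
     * 2. For every key listed in $_POST['rows'], either deletes the row (when
     *    `<key>_delete` is set) or UPDATEs it from the `<key>_<column>` fields.
     *
     * Values and row keys are passed through $db->escape() before they reach
     * SQL. Table and column names ($this->table, $this->keycol, $col->name)
     * are interpolated as identifiers and must never be request-controlled.
     *
     * NOTE(review): no anti-CSRF token check is visible in this method; confirm
     * the calling page verifies one before invoking update().
     * NOTE(review): the error strings embed $col->title and the raw row key;
     * whatever prints error() into HTML has to escape it.
     * NOTE(review): non-rcon password columns are stored as unsalted MD5.
     *
     * @return bool true when no validation error was recorded
     */
    function update()
    {
        global $db;

        $okcols = 0;
        // Initialised explicitly; they were previously appended to while undefined.
        $qcols = '';
        $qvals = '';

        foreach ($this->columns as $col) {
            $value = mystripslashes($_POST["new_$col->name"]);

            // legacy code that should have never been here. these should never be html-escaped in the db.
            // if there's a problem with removing this, it needs to be fixed on the web/display end
            // -psychonic
            //
            /*
            if ( $col->name != 'rcon_password' && $col->type != 'password' && $col->name != 'pattern') {
                $value = htmlspecialchars($value);
            }
            */

            if ($value != '') {
                if ($col->type == 'ipaddress' && !preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $value)) {
                    $this->errors[] = "Column '$col->title' requires a valid IP address for new row";
                    $this->newerror = true;
                    $okcols++;
                } else {
                    if ($qcols) {
                        $qcols .= ', ';
                    }
                    $qcols .= $col->name;

                    if ($qvals) {
                        $qvals .= ', ';
                    }

                    if ($col->type == 'password' && $col->name != 'rcon_password') {
                        $value = md5($value);
                    }
                    $qvals .= "'" . $db->escape($value) . "'";

                    // Pre-filled defaults (select/hidden/datasource) do not count as user input.
                    if ($col->type != 'select' && $col->type != 'hidden' && $value != $col->datasource) {
                        $okcols++;
                    }
                }
            } elseif ($col->required) {
                $this->errors[] = "Required column '$col->title' must have a value for new row";
                $this->newerror = true;
            }
        }

        if ($okcols > 0 && !$this->errors) {
            $db->query(" INSERT INTO $this->table ( $qcols ) VALUES ( $qvals )");
        } elseif ($okcols == 0) {
            // Nothing was entered for a new row: discard the "required" errors.
            $this->errors = array();
            $this->newerror = false;
        }

        if (!isset($_POST['rows']) || !is_array($_POST['rows'])) {
            return true;
        }

        foreach ($_POST['rows'] as $row) {
            // Row keys are request data; ignore nested arrays instead of
            // string-converting them into field names and SQL.
            if (!is_scalar($row)) {
                continue;
            }

            if (!empty($_POST[$row . '_delete'])) {
                // The callback receives the raw, unescaped key from the request.
                if (!empty($this->deleteCallback) && is_callable($this->deleteCallback)) {
                    call_user_func($this->deleteCallback, $row);
                }
                $db->query(" DELETE FROM $this->table WHERE $this->keycol='" . $db->escape($row) . "' ");
            } else {
                $rowerror = false;

                $query = "UPDATE $this->table SET ";
                $i = 0;
                foreach ($this->columns as $col) {
                    if ($col->type == 'readonly') {
                        continue;
                    }

                    $value = mystripslashes($_POST[$row . "_" . $col->name]);

                    // legacy code that should have never been here. these should never be html-escaped in the db.
                    // if there's a problem with removing this, it needs to be fixed on the web/display end
                    // -psychonic
                    //
                    /*
                    if ( $col->name != 'rcon_password' && $col->type != 'password' && $col->name != 'pattern') {
                        $value = htmlspecialchars($value);
                    }
                    */

                    // Was `$value == ('' || null)`, i.e. `$value == false`: any falsy
                    // value (missing, '', '0') is an unchecked box. Same result, stated directly.
                    if ($col->type == 'checkbox' && !$value) {
                        $value = '0';
                    }

                    // The form shows this placeholder instead of the stored hash; unchanged means "keep".
                    if ($col->type == 'password' && $value == '(encrypted)') {
                        continue;
                    }

                    if ($value == '' && $col->required) {
                        $this->errors[] = "Required column '$col->title' must have a value for row '$row'";
                        $rowerror = true;
                    } elseif ($col->type == "ipaddress" && !preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $value)) {
                        $this->errors[] = "Column '$col->title' requires a valid IP address for row '$row'";
                        $rowerror = true;
                    }

                    if ($i > 0) {
                        $query .= ', ';
                    }

                    if ($col->type == 'password' && $col->name != 'rcon_password') {
                        // md5() output is hex only, so it needs no escaping.
                        $query .= $col->name . "='" . md5($value) . "'";
                    } else {
                        $query .= $col->name . "='" . $db->escape($value) . "'";
                    }
                    $i++;
                }
                $query .= " WHERE $this->keycol='" . $db->escape($row) . "'";

                if (!$rowerror) {
                    $db->query($query);
                }
            }
        }

        return !$this->error();
    }

    function draw($result, $draw_new = true) { global $g_options, $db; ?>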
'; if ($this->showid) { ?> columns as $col) { if ($col->type == 'hidden') { continue; } echo '\n"; } if ($this->drawDetailsLink) { ?> fetch_array($result)) { echo "\n\n"; echo '\n"; if ($this->showid) { echo '\n"; } $this->drawfields($rowdata, false, false); if ($this->drawDetailsLink) { global $gamecode; ?> \n\n"; } ?> " . "new\n"; if ($this->showid) echo "\n"; if ($this->newerror) { $this->drawfields($_POST, true, true); } else { $this->drawfields(array(), true); } echo "\n"; } ?>
' . $col->title . "
'; if (file_exists(IMAGE_PATH . "/$this->icon.gif")) { echo 'icon.gif\" width=\"16\" height=\"16\" border=\"0\" alt=\"\" />"; } else { echo '\"\""; } echo "' . $rowdata[$this->keycol] . "DetailsLink . "&key=" . $rowdata[$this->keycol] . "'>CONFIGURE"; ?>
" . " 


columns as $col) { if ($new) { $keyval = 'new'; $rowdata[$col->name] = $rowdata["new_$col->name"]; if ($stripslashes) $rowdata[$col->name] = mystripslashes($rowdata[$col->name]); } else { $keyval = $rowdata[$this->keycol]; if ($stripslashes) $keyval = mystripslashes($keyval); } if ($col->type != 'hidden') { echo ''; } if ($i == 0 && !$new) { echo ''; } if ($col->maxlength < 1) { $col->maxlength = ''; } switch ($col->type) { case 'select': unset($coldata); // for manual datasource in format "key/value;key/value" or "key;key" foreach (explode(';', $col->datasource) as $v) { $sections = preg_match_all('/\//', $v, $dsaljfdsaf); if ($sections == 2) { // for SQL datasource in format "table.column/keycolumn/where" list($col_table, $col_col) = explode('.', $v); list($col_col, $col_key, $col_where) = explode('/', $col_col); if ($col_where) { $col_where = "WHERE $col_where"; } $col_result = $db->query("SELECT $col_key, $col_col FROM $col_table $col_where ORDER BY $col_col"); $coldata = array(); while (list($a, $b) = $db->fetch_row($col_result)) { $coldata[$a] = $b; } } else if ($sections > 0) { list($a, $b) = explode('/', $v); $coldata[$a] = $b; } else { $coldata[$v] = $v; } } if ($col->width) { $width = ' style="width:' . $col->width * 5 . 'px"'; } else { $width = ''; } echo "'; break; case 'checkbox': $selectedval = '1'; $value = $rowdata[$col->name]; if ($value == $selectedval) { $selected = ' checked="checked"'; } else { $selected = ''; } echo '
name\" value=\"$selectedval\"$selected />
"; break; case 'hidden': echo 'name\" value=\"" . htmlspecialchars($col->datasource) . '" />'; break; case 'readonly': if (!$new) { echo html_entity_decode($rowdata[$col->name]); break; } /* else fall through to default */ default: if ($col->type == 'password') { $onclick = " onclick=\"if (this.value == '(encrypted)') this.value='';\""; } if ($col->datasource != '' && !isset($rowdata[$col->name])) { $value = $col->datasource; } else { $value = $rowdata[$col->name]; } $onClick = ''; if ($this->helpKey != '') { $onClick = "onmouseover=\"javascript:showHelp('" . strtolower($rowdata[$this->helpKey]) . "')\" onmouseout=\"javascript:hideHelp()\""; } echo "name\" size=$col->width " . "value=\"" . htmlentities(html_entity_decode($value), ENT_COMPAT, 'UTF-8') . "\" class=\"textbox\"" . " maxlength=\"$col->maxlength\"$onclick />"; // doing htmlentities on something that we just decoded is because we need to encode them when we fill out a form, but we don't want to double encode them (some items like rcon are not encoded at all - but server names are) } if ($col->type != 'hidden') { echo "\n"; } $i++; } } function error() { if (is_array($this->errors)) { return implode("

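\n\n", $this->errors); } else { return false; } } }

/**
 * One column of an EditList: database column name, display title, input
 * width, whether a value is required, input type, datasource and max length.
 */
class EditListColumn
{
    var $name;
    var $title;
    var $width;
    var $required;
    var $type;
    var $datasource;
    var $maxlength;

    function EditListColumn($name, $title, $width = 20, $required = false, $type = 'text', $datasource = '', $maxlength = 0)
    {
        $this->name = $name;
        $this->title = $title;
        $this->width = $width;
        $this->required = $required;
        $this->type = $type;
        $this->datasource = $datasource;
        // Coerced to an integer so it is safe to emit as an attribute value.
        $this->maxlength = intval($maxlength);
    }
}

/**
 * Form for editing the properties of a single row ($keycol = $keyval) of
 * $table, organised into PropertyPage_Group objects.
 */
class PropertyPage
{
    var $table;
    var $keycol;
    var $keyval;
    var $propertygroups = array();

    /**
     * $table and $keycol are concatenated into SQL as identifiers by update(),
     * so they must come from code, never from request data.
     */
    function PropertyPage($table, $keycol, $keyval, $groups)
    {
        $this->table = $table;
        $this->keycol = $keycol;
        $this->keyval = $keyval;
        $this->propertygroups = $groups;
    }

    /**
     * Draws every property group with the current row data.
     */
    function draw($data)
    {
        foreach ($this->propertygroups as $group) {
            $group->draw($data);
        }
    }

    /**
     * Writes the POSTed value of every property back to the row.
     *
     * Every value is now passed through $db->escape() at the point where it is
     * placed inside the quoted SQL literal. Before, the 'name' property was
     * concatenated after only a character blacklist (which does not remove
     * quotes), and the other properties relied solely on valid_request(),
     * whose filtering is defined elsewhere and not visible here.
     *
     * NOTE(review): the 'script' / ';' / '%' stripping is kept for
     * compatibility but is a single-pass blacklist, not an XSS defence; the
     * stored value still has to be HTML-escaped wherever it is displayed.
     * NOTE(review): no anti-CSRF token check is visible in this method; confirm
     * the calling page verifies one.
     */
    function update()
    {
        global $db;

        $setstrings = array();
        foreach ($this->propertygroups as $group) {
            foreach ($group->properties as $prop) {
                if ($prop->name == 'name') {
                    $value = isset($_POST[$prop->name]) ? $_POST[$prop->name] : '';

                    $search_pattern = array('/script/i', '/;/', '/%/');
                    $replace_pattern = array('', '', '');
                    $value = preg_replace($search_pattern, $replace_pattern, $value);

                    $setstrings[] = $prop->name . "='" . $db->escape($value) . "'";
                } else {
                    $setstrings[] = $prop->name . "='" . $db->escape(valid_request($_POST[$prop->name], 0)) . "'";
                }
            }
        }

        // Nothing to set would produce a malformed "SET WHERE" statement.
        if (!$setstrings) {
            return;
        }

        // $db->escape() replaces mysql_real_escape_string() here so the key uses
        // the same escaping helper as the $db->escape() calls in EditList::update().
        $db->query(" UPDATE " . $this->table . " SET " . implode(",\n", $setstrings) . " WHERE " . $this->keycol . "='" . $db->escape($this->keyval) . "' ");
    }
}

/**
 * Titled group of properties shown together on a PropertyPage.
 */
class PropertyPage_Group
{
    var $title = '';
    var $properties = array();

    function PropertyPage_Group($title, $properties)
    {
        $this->title = $title;
        $this->properties = $properties;
    }

    function draw($data) { global $g_options; ?> title; ?>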
properties as $prop) { $prop->draw($data[$prop->name]); } ?>


name = $name; $this->title = $title; $this->type = $type; $this->datasource = $datasource; } function draw($value) { global $g_options; ?> title . ':'; ?> type) { case 'textarea': echo "'; break; case 'select': // for manual datasource in format "key/value;key/value" or "key;key" foreach (explode(';', $this->datasource) as $v) { if (preg_match('/\//', $v)) { list($a, $b) = explode('/', $v); $coldata[$a] = $b; } else { $coldata[$v] = $v; } } echo getSelect($this->name, $coldata, $value); break; default: echo "name\" size=35 value=\"" . htmlspecialchars($value) . "\" class=\"textbox\" />"; break; } ?>
.gif" width="16" height="16" border="0" hspace="5" alt="" /> $msg"; ?>


ok===false) { return; } pageHeader(array('Admin'), array('Admin' => '')); $selTask = valid_request($_GET['task'], 0); $selGame = valid_request($_GET['game'], 0); ?>
type == 'tool' || $admintasks[$selTask]->type == 'subtool')) { $task = $admintasks[$selTask]; $code = $selTask; ?>   Tools

  General Settings

$task) { if ($auth->userdata['acclevel'] >= $task->acclevel && $task->type == 'general') { if ($selTask == $code) { ?>      title; ?>

 


     title; ?>

  Game Settings

query(" SELECT name, code FROM hlstats_Games WHERE hidden = '0' ORDER BY name ASC ; "); while ($gamedata = $db->fetch_array($gamesresult)) { $gamename = $gamedata['name']; $gamecode = $gamedata['code']; if ($gamecode == $selGame) { ?>       ()

$task) { if ($auth->userdata['acclevel'] >= $task->acclevel && $task->type == 'game') { if ($selTask == $code) { ?>          title; ?>

 


         title; ?>

      ()

\n"; if (!$selTask || !$admintasks[$selTask]) { echo '
'; ?>   Tools
    $task) { if ($auth->userdata['acclevel'] >= $task->acclevel && $task->type == 'tool') { ?>
  • title; ?>
    description; ?>

  • Version Check
    Checking for update... " />
'; } ?>