From 7f013b3e6502cae71e67bc6b6f81462aef13e911 Mon Sep 17 00:00:00 2001 From: erkkki Date: Wed, 1 Feb 2017 20:16:35 +0200 Subject: [PATCH 01/22] client side disable server stop/start if not admin. --- html/index.php | 13 ++++++++++--- html/login.php | 4 ++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/html/index.php b/html/index.php index 829db9b..874bd56 100644 --- a/html/index.php +++ b/html/index.php @@ -43,6 +43,9 @@ + // TODO remove this + // user lvl debug to js console. + console.log(user_name + " : " + user_level); @@ -107,9 +114,9 @@
Welcome, ..guest.. -  -     +      -  -  -  +  -   -  config -  diff --git a/html/login.php b/html/login.php index 764a581..fdc4d5f 100644 --- a/html/login.php +++ b/html/login.php @@ -40,8 +40,8 @@ } } if ($success) { - $_SESSION['login']['user']=$userN; - $_SESSION['login']['level']=$userL; + $_SESSION['login']['user'] = $userN; + $_SESSION['login']['level'] = $userL; //Send home if logged in header("Location: ./?d=server1"); die(); From 51620eb0056b5fe7c5d4ec8b39026975251a616b Mon Sep 17 00:00:00 2001 From: erkkki Date: Wed, 1 Feb 2017 20:19:22 +0200 Subject: [PATCH 02/22] client side disable force kill & update web control --- html/index.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/html/index.php b/html/index.php index 874bd56..1ffb38d 100644 --- a/html/index.php +++ b/html/index.php @@ -99,7 +99,7 @@ if(isset($server_select_dropdown)) { echo $server_select_dropdown; } echo "\t\t})\xA"; ?> - // TODO remove this + // TODO remove this // user lvl debug to js console. console.log(user_name + " : " + user_level); @@ -120,11 +120,11 @@  -  config -  - + - + Logs
 -  From cafea892dd799f3f7dbe4ea1243908196822b86b Mon Sep 17 00:00:00 2001 From: erkkki Date: Wed, 1 Feb 2017 20:23:26 +0200 Subject: [PATCH 03/22] console log disabled if user !== admin --- html/assets/js/console.js | 5 ++++- html/index.php | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/html/assets/js/console.js b/html/assets/js/console.js index faaa83f..15fcfda 100644 --- a/html/assets/js/console.js +++ b/html/assets/js/console.js @@ -3,7 +3,10 @@ var dir = loc.substring(0, loc.lastIndexOf('/')); var refreshtime=500; function tc_console() { - asyncAjax("GET",dir + "/assets/api/console.php?d=" + server_select + "&s=console",Math.random(),display,{},"console"); + if(user_level === 'admin'){ + asyncAjax("GET",dir + "/assets/api/console.php?d=" + server_select + "&s=console",Math.random(),display,{},"console"); + } + asyncAjax("GET",dir + "/assets/api/console.php?d=" + server_select + "&s=chat",Math.random(),display,{},"chat"); setTimeout(tc_console,refreshtime); } diff --git a/html/index.php b/html/index.php index 1ffb38d..b2fa628 100644 --- a/html/index.php +++ b/html/index.php @@ -140,7 +140,7 @@
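Review bot: The `if(user_level === 'admin')` guard added to `tc_console()` only stops this page from requesting `console.php?...&s=console`; `user_level` is a script variable held by the browser, so it cannot decide who may read the console log. `assets/api/console.php` is not part of this series, so whether it checks the session level before answering `s=console` is not visible here and should be confirmed. If it does not, the restriction belongs there, for example `if($user_level !== "admin") { die('Not allowed'); }` at the top of the `s=console` branch (variable name assumed to match process.php). PATCH 09/22 widens the same client-side test to `"mod"`, so the server check would need the same list.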
- + "; ?>
  From fe36cd50ad7f48453d7c08f8cf737bd9c7343b46 Mon Sep 17 00:00:00 2001 From: erkkki Date: Thu, 2 Feb 2017 09:17:45 +0200 Subject: [PATCH 04/22] changed user_level and user_name to be one object user {name, level} --- html/assets/js/base.js | 20 ++++++++++---------- html/assets/js/console.js | 2 +- html/index.php | 18 ++++++++++++------ 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/html/assets/js/base.js b/html/assets/js/base.js index 837e589..925cfee 100644 --- a/html/assets/js/base.js +++ b/html/assets/js/base.js @@ -1035,12 +1035,12 @@ function Download(url) { - if (user_level == "viewonly") { return; } + if (user.level === "viewonly") { return; } document.getElementById('file_iframe').src = url; } function server_sss(cmd) { - if(user_level == "viewonly" && (cmd == "start" || cmd == "stop" || cmd == "forcekill" )) { + if(user.level == "viewonly" && (cmd == "start" || cmd == "stop" || cmd == "forcekill" )) { customAlerts.add("You have view only access","warning",true); return; } @@ -1063,7 +1063,7 @@ function server_sss(cmd) { }; } function force_kill(cmd) { - if(user_level == "viewonly") { + if(user.level == "viewonly") { customAlerts.add("You have view only access",'warning',true); return; } @@ -1086,7 +1086,7 @@ function force_kill(cmd) { } } function command() { - if(user_level == "viewonly") { + if(user.level == "viewonly") { customAlerts.add("You have view only access","warning",true); return; } @@ -1159,7 +1159,7 @@ function uploadCanceled() { } function upload() { - if ($('#upload_file').val == "" || user_level == "viewonly") { + if ($('#upload_file').val == "" || user.level == "viewonly") { return; } var the_file; @@ -1235,7 +1235,7 @@ function command_history(args) { } function update_web_control(user_name) { - if(user_name=="admin") { + if(user_name === "admin") { var r = confirm("Update webgui and server control files?"); if (r == true) { $("#update_web_control").submit(); 
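Review bot: In the `upload()` hunk (`@@ -1159,7 +1159,7 @@`) the empty-file guard never fires, because `$('#upload_file').val == ""` compares the jQuery method itself with a string instead of calling it. The rewritten line carries that over unchanged; it should read `if ($('#upload_file').val() === "" || user.level === "viewonly") {`. The same expression is kept again in PATCH 07/22's `upload()` hunk. The rest of `upload()` lies outside the hunk, so how an empty selection is handled further down is not visible here.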
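Review bot: `update_web_control(user_name)` in the `@@ -1235,7 +1235,7 @@` hunk still decides on the account *name* being `"admin"`, while every other check this commit touches uses `user.level`, and update_web_control.php (visible later in the series) checks `$user_level == "admin"`. An admin-level account with a different name would be refused by the UI, and the parameter is whatever the caller passes now that the global `user_name` is gone. Testing the level keeps client and server in agreement: `if(user.level === "admin") {`. The call site in index.php is not legible on this page, so confirm it no longer passes the removed global; the function body continues past the end of the hunk.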
@@ -1287,13 +1287,13 @@ function files_delete() { //Things to only start doing after the page has finished loading $(document).ready(function() { - $('#welcome_user').text(user_name); + $('#welcome_user').text(user.name); tc_console(); $('#upload_file').on('change', function() { upload(); }); $('#delete_files').on('click', function() { - if(user_level == "viewonly") { + if(user.level == "viewonly") { customAlerts.add("You have view only access","warning",true); return; } @@ -1320,7 +1320,7 @@ $(document).ready(function() { }); //Upload button click event $('#upload_button').on('click', function() { - if(user_level == "viewonly") { + if(user.level == "viewonly") { customAlerts.add("You have view only access","warning",true); return; } @@ -1328,7 +1328,7 @@ $(document).ready(function() { }); $('#command').keydown(function(event) { if (event.keyCode == 13) command(); - if (user_level == "viewonly") { return; } + if (user.level == "viewonly") { return; } if (event.keyCode == 38) command_history('up'); if (event.keyCode == 40) command_history('down'); }); diff --git a/html/assets/js/console.js b/html/assets/js/console.js index 15fcfda..4763fae 100644 --- a/html/assets/js/console.js +++ b/html/assets/js/console.js @@ -3,7 +3,7 @@ var dir = loc.substring(0, loc.lastIndexOf('/')); var refreshtime=500; function tc_console() { - if(user_level === 'admin'){ + if(user.level === 'admin'){ asyncAjax("GET",dir + "/assets/api/console.php?d=" + server_select + "&s=console",Math.random(),display,{},"console"); } diff --git a/html/index.php b/html/index.php index b2fa628..5a9c150 100644 --- a/html/index.php +++ b/html/index.php 
@@ -40,9 +40,18 @@ var server_select = ""; //you can try to change this if you really want. Validations are also done server side. //This is just for a better graphical experience, ie: if you're a viewonly account, why upload a file, just to be told you can't do that? + + var user = { + name: "", + level: "" + }; + + // TODO remove this + // user debug to js console. + console.log(user); - // TODO remove this - // user lvl debug to js console. - console.log(user_name + " : " + user_level); @@ -120,7 +126,7 @@  -  config -  - + From d32d41ed658f5dbc6e0ab312ad62e25df3caacb7 Mon Sep 17 00:00:00 2001 From: erkkki Date: Thu, 2 Feb 2017 09:34:07 +0200 Subject: [PATCH 05/22] changed disabled buttons to remove them. + removed file controls --- html/index.php | 62 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 42 insertions(+), 20 deletions(-) diff --git a/html/index.php b/html/index.php index 5a9c150..03c7d2c 100644 --- a/html/index.php +++ b/html/index.php @@ -119,19 +119,29 @@
- Welcome, ..guest.. -  -     -  -  -  -  -  -  - config -  - - - - - Logs + Welcome,  -  + Start    +  -  +  -  +  -  + config -  + + + + Logs +ADMIN; + } else { + echo <<Status -  +  -  +QUEST; + } + ?>
 -  Logout @@ -154,13 +164,25 @@
- - -  :  -  :  - - - + + +  :  +  :  + + + +ADMIN; + } else { + // TODO no access to file transfer for guests? + echo << +
From cdb57b0b6bea54016881c1b007d0b3592ed36d3a Mon Sep 17 00:00:00 2001 From: erkkki Date: Thu, 2 Feb 2017 09:39:47 +0200 Subject: [PATCH 06/22] disabled server side : stop start force kill from guests --- html/process.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/html/process.php b/html/process.php index ac13894..f0e1935 100644 --- a/html/process.php +++ b/html/process.php @@ -21,7 +21,7 @@ session_write_close(); if(isset($_REQUEST['start'])) { - if($user_level=="viewonly") { + if($user_level !== "admin") { echo "You have read only access."; } else { if(file_exists("$base_dir$server_select/server-settings.json")) { @@ -76,7 +76,7 @@ $output = shell_exec('bash '.$base_dir.'manage.sh "'.$server_select.'" "status" "'.$user_name.'"'); echo $output; } elseif(isset($_REQUEST['stop'])) { - if($user_level=="viewonly") { + if($user_level !== "admin") { echo "You have view only access."; } else { //echo "Sending Stop Server Command:\n\n"; @@ -84,7 +84,7 @@ echo $output; } } elseif(isset($_REQUEST['forcekill'])) { - if($user_level=="viewonly") { + if($user_level !== "admin") { echo "You have view only access."; } else { //echo "Sending Stop Server Command:\n\n"; @@ -97,7 +97,7 @@ echo "Servers killed. You monster."; } } elseif(isset($_REQUEST['command'])) { - if($user_level=="viewonly") { + if($user_level !== "admin") { echo "You have view only access.";//".$_REQUEST['command']; } else { //screen -S factorio1 -X at 0 stuff 'hello\n' From a64e00f4632706c6a53d61e3053e7b92ae12976c Mon Sep 17 00:00:00 2001 From: erkkki Date: Thu, 2 Feb 2017 09:50:55 +0200 Subject: [PATCH 07/22] disabled config and changed access to disable if user level is guest or viewonly --- html/assets/js/base.js | 16 ++++++++-------- html/index.php | 4 ++-- html/process.php | 8 ++++---- html/server-settings.php | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/html/assets/js/base.js b/html/assets/js/base.js index 925cfee..44f0ef4 100644 
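Review bot: The `status` branch kept as context at the top of the `@@ -76,7 +76,7 @@` hunk sits outside every level check and builds its command by concatenation: `shell_exec('bash '.$base_dir.'manage.sh "'.$server_select.'" "status" "'.$user_name.'"')`. Where `$server_select` and `$user_name` are assigned is outside the hunk; if either can carry request or user-file data, wrapping them in double quotes does not stop the shell from interpreting metacharacters inside them. Since this commit is tightening process.php, it would be worth escaping each argument at the same time, e.g. `shell_exec('bash '.escapeshellarg($base_dir.'manage.sh').' '.escapeshellarg($server_select).' status '.escapeshellarg($user_name));`, and doing the same for the other `manage.sh` calls in the stop, forcekill and command branches, which are not fully shown here.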
--- a/html/assets/js/base.js +++ b/html/assets/js/base.js @@ -1035,12 +1035,12 @@ function Download(url) { - if (user.level === "viewonly") { return; } + if (user.level === "viewonly" || user.level === "guest") { return; } document.getElementById('file_iframe').src = url; } function server_sss(cmd) { - if(user.level == "viewonly" && (cmd == "start" || cmd == "stop" || cmd == "forcekill" )) { + if((user.level === "viewonly" || user.level === "guest") && (cmd == "start" || cmd == "stop" || cmd == "forcekill" )) { customAlerts.add("You have view only access","warning",true); return; } @@ -1063,7 +1063,7 @@ function server_sss(cmd) { }; } function force_kill(cmd) { - if(user.level == "viewonly") { + if(user.level === "viewonly" || user.level === "guest") { customAlerts.add("You have view only access",'warning',true); return; } @@ -1086,7 +1086,7 @@ function force_kill(cmd) { } } function command() { - if(user.level == "viewonly") { + if(user.level === "viewonly" || user.level === "guest") { customAlerts.add("You have view only access","warning",true); return; } @@ -1159,7 +1159,7 @@ function uploadCanceled() { } function upload() { - if ($('#upload_file').val == "" || user.level == "viewonly") { + if ($('#upload_file').val == "" || user.level === "viewonly" || user.level === "guest") { return; } var the_file; @@ -1293,7 +1293,7 @@ $(document).ready(function() { upload(); }); $('#delete_files').on('click', function() { - if(user.level == "viewonly") { + if(user.level === "viewonly" || user.level === "guest"){ customAlerts.add("You have view only access","warning",true); return; } @@ -1320,7 +1320,7 @@ $(document).ready(function() { }); //Upload button click event $('#upload_button').on('click', function() { - if(user.level == "viewonly") { + if(user.level === "viewonly" || user.level === "guest") { customAlerts.add("You have view only access","warning",true); return; } 
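Review bot: The pair `user.level === "viewonly" || user.level === "guest"` is now pasted into eight handlers, starting with `Download()` and `server_sss()` in the `@@ -1035,12 +1035,12 @@` hunk and ending with the `#command` keydown handler in the next hunk. Every new level will need all eight edited in step. A single helper keeps them consistent, `function isReadOnly() { return user.level === "viewonly" || user.level === "guest"; }`, with each guard reduced to `if (isReadOnly()) { ... }`. A short comment on the helper should say that it exists for UI feedback only and that the PHP endpoints make the real decision, as the comment in index.php already states.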
@@ -1328,7 +1328,7 @@ $(document).ready(function() { }); $('#command').keydown(function(event) { if (event.keyCode == 13) command(); - if (user.level == "viewonly") { return; } + if (user.level === "viewonly" || user.level === "guest") { return; } if (event.keyCode == 38) command_history('up'); if (event.keyCode == 40) command_history('down'); }); diff --git a/html/index.php b/html/index.php index 03c7d2c..4bfcbba 100644 --- a/html/index.php +++ b/html/index.php @@ -121,7 +121,7 @@
Welcome,  -  Start     -  @@ -165,7 +165,7 @@
diff --git a/html/process.php b/html/process.php index f0e1935..03d7ecf 100644 --- a/html/process.php +++ b/html/process.php @@ -21,7 +21,7 @@ session_write_close(); if(isset($_REQUEST['start'])) { - if($user_level !== "admin") { + if($user_level == "viewonly" || $user_level == "guest") { echo "You have read only access."; } else { if(file_exists("$base_dir$server_select/server-settings.json")) { @@ -76,7 +76,7 @@ $output = shell_exec('bash '.$base_dir.'manage.sh "'.$server_select.'" "status" "'.$user_name.'"'); echo $output; } elseif(isset($_REQUEST['stop'])) { - if($user_level !== "admin") { + if($user_level == "viewonly" || $user_level == "guest") { echo "You have view only access."; } else { //echo "Sending Stop Server Command:\n\n"; @@ -84,7 +84,7 @@ echo $output; } } elseif(isset($_REQUEST['forcekill'])) { - if($user_level !== "admin") { + if($user_level == "viewonly" || $user_level == "guest") { echo "You have view only access."; } else { //echo "Sending Stop Server Command:\n\n"; @@ -97,7 +97,7 @@ echo "Servers killed. You monster."; } } elseif(isset($_REQUEST['command'])) { - if($user_level !== "admin") { + if($user_level == "viewonly" || $user_level == "guest") { echo "You have view only access.";//".$_REQUEST['command']; } else { //screen -S factorio1 -X at 0 stuff 'hello\n' diff --git a/html/server-settings.php b/html/server-settings.php index 031ad93..d9d7671 100644 --- a/html/server-settings.php +++ b/html/server-settings.php @@ -19,7 +19,7 @@ } session_write_close(); - if($user_level=="viewonly") { + if($user_level == "viewonly" || $user_level == "guest") { die('Not allowed for view only'); } From 1d82ed530edd5a103f5e2996262407a58acaeef7 Mon Sep 17 00:00:00 2001 From: erkkki Date: Thu, 2 Feb 2017 09:58:00 +0200 Subject: [PATCH 08/22] checked that everything has now disabled if user level is guest or viewonly --- html/files.php | 6 +++--- html/logs.php | 2 +- html/update_web_control.php | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
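Review bot: Changing the four process.php checks from `$user_level !== "admin"` back to `$user_level == "viewonly" || $user_level == "guest"` turns an allow-list into a deny-list. Any level string other than those two, such as a typo in the user file or a level introduced later, now falls through to the start, stop, forcekill and command branches. PATCH 09/22 adds a `"mod"` level, which under this test would get every one of those actions server-side whatever index.php chooses to render. Keeping the allow-list form and extending it deliberately is safer: `if(!in_array($user_level, array("admin"), true)) {`. The same deny-list test is applied to server-settings.php in this patch and to files.php and logs.php in PATCH 08/22.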
diff --git a/html/files.php b/html/files.php index 331fb8c..309ac46 100644 --- a/html/files.php +++ b/html/files.php @@ -51,7 +51,7 @@ } die(); } elseif(isset($_REQUEST['download'])) { - if($user_level=="viewonly") { + if($user_level == "viewonly" || $user_level == "guest") { die('You have view only access.\nVisit our archive for file downloads\nwww.3ragaming.com/archive/factorio'); } if(empty($_REQUEST['download'])) @@ -168,7 +168,7 @@ die(); } elseif(isset($_REQUEST['upload'])) { - if($user_level=="viewonly") { + if($user_level == "viewonly" || $user_level == "guest") { die('You have read only access.'); } else { //Valdidate name @@ -288,7 +288,7 @@ die(); } elseif(isset($_REQUEST['delete'])) { - if($user_level=="viewonly") { + if($user_level == "viewonly" || $user_level == "guest") { die('You have view only access.'); } else { if(empty($_REQUEST['delete'])) diff --git a/html/logs.php b/html/logs.php index 7f6db79..a89063f 100644 --- a/html/logs.php +++ b/html/logs.php @@ -14,7 +14,7 @@ if(isset($_SESSION['login']['level'])) { $user_level = $_SESSION['login']['level']; } else { $user_level = "viewonly"; } if(isset($_SESSION['login']['user'])) { $user_name = $_SESSION['login']['user']; } else { $user_name = "guest"; } - if($user_level=="viewonly") { + if($user_level == "viewonly" || $user_level == "guest") { die('Not allowed for view only'); } diff --git a/html/update_web_control.php b/html/update_web_control.php index 5f58034..559c5c1 100644 --- a/html/update_web_control.php +++ b/html/update_web_control.php @@ -16,7 +16,7 @@ if(isset($_SESSION['login']['user'])) { $user_name = $_SESSION['login']['user']; } else { $user_name = "guest"; } session_write_close(); - if($user_level=="admin") { + if($user_level == "admin") { if(isset($_POST['update'])) { echo ""; if($_POST['update']=="yes") { From 6d58d7fbebcde19f9df203b11f5227edf334bee9 Mon Sep 17 00:00:00 2001 
From: erkkki Date: Thu, 2 Feb 2017 11:36:18 +0200 Subject: [PATCH 09/22] support for mod level --- html/assets/js/console.js | 5 +++-- html/index.php | 38 ++++++++++++++++++++++++++++++++------ html/login.php | 19 ++++++++++--------- users.txt | 2 +- 4 files changed, 46 insertions(+), 18 deletions(-) diff --git a/html/assets/js/console.js b/html/assets/js/console.js index 4763fae..dc91fa6 100644 --- a/html/assets/js/console.js +++ b/html/assets/js/console.js @@ -1,13 +1,14 @@ var loc = window.location.pathname; var dir = loc.substring(0, loc.lastIndexOf('/')); -var refreshtime=500; +var refreshtime=50000; function tc_console() { - if(user.level === 'admin'){ + if(user.level === "admin" || user.level === "mod"){ asyncAjax("GET",dir + "/assets/api/console.php?d=" + server_select + "&s=console",Math.random(),display,{},"console"); } asyncAjax("GET",dir + "/assets/api/console.php?d=" + server_select + "&s=chat",Math.random(),display,{},"chat"); + setTimeout(tc_console,refreshtime); } diff --git a/html/index.php b/html/index.php index 4bfcbba..4a8920d 100644 --- a/html/index.php +++ b/html/index.php @@ -10,9 +10,9 @@ die(); } } - - if(isset($_SESSION['login']['level'])) { $user_level = $_SESSION['login']['level']; } else { $user_level = "viewonly"; } - if(isset($_SESSION['login']['user'])) { $user_name = $_SESSION['login']['user']; } else { $user_name = "guest"; } + + if(isset($_SESSION['login']['user'])) { $user_name = $_SESSION['login']['user']; } else { $user_name = "guest"; } + if(isset($_SESSION['login']['level'])) { $user_level = $_SESSION['login']['level']; } else { $user_level = "viewonly"; } if(isset($_SESSION['login']['reload_report'])) { $session['login']['reload_report'] = $_SESSION['login']['reload_report']; unset($_SESSION['login']['reload_report']); @@ -43,7 +43,7 @@ var user = { name: "", - level: "" + level: "" }; // TODO remove this 
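Review bot: `var refreshtime=50000;` in the console.js hunk looks like a leftover debugging value, since nothing in a commit titled "support for mod level" explains it. `tc_console()` reschedules itself with `setTimeout(tc_console,refreshtime)`, so both the console and chat panes would refresh every 50 seconds instead of twice a second. If the slower rate is intended, say so in the commit message and add a comment such as `// poll interval in ms`; otherwise restore `var refreshtime=500;`.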
@@ -135,6 +135,21 @@ Logs ADMIN; + } elseif ($user_level == "mod") { + echo <<Start    +  -  +  -  +  -  + config -  + + + + + + Logs +MOD; + } else { echo <<Status -  @@ -156,7 +171,7 @@
- "; ?> + ": ""; ?>
  @@ -165,7 +180,7 @@
@@ -175,6 +190,17 @@ ADMIN; + } elseif ($user_level == "mod") { + echo <<
-
- -
- -
- ": ""; ?> -
-   -
- -
-
- + + + +
+CONSOLE; + } + ?> + +
+
+   + +
+
+
+ +
+
+  :  @@ -190,8 +201,8 @@ ADMIN; - } elseif ($user_level == "mod") { - echo <<
-
- - - - - - - - - - - - -
FileSizeCreationEditor
- -
+ } + ?> + +
+ + + + + + + + + + + + + +
FileSizeCreationEditor
+ +
+
+ + From 7670e8c034f57901c340adffc4a3107af96138f7 Mon Sep 17 00:00:00 2001 From: erkkki Date: Thu, 2 Feb 2017 15:51:14 +0200 Subject: [PATCH 14/22] mobile view fix --- html/assets/css/base.css | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/html/assets/css/base.css b/html/assets/css/base.css index fd3d5e4..7da85d6 100644 --- a/html/assets/css/base.css +++ b/html/assets/css/base.css @@ -79,7 +79,7 @@ table.tablesorter thead tr .headerSortDown, table.tablesorter thead tr .headerSo } .leftside { - height: 90%; + height: auto; width: 54%; float: left; } @@ -90,7 +90,7 @@ table.tablesorter thead tr .headerSortDown, table.tablesorter thead tr .headerSo } .console { width: 100%; - height: 50%; + height: 300px; } .console textarea { width: 100%; @@ -98,11 +98,11 @@ table.tablesorter thead tr .headerSortDown, table.tablesorter thead tr .headerSo } .chat { width: 100%; - height: 50%; + height: 500px; } .chat textarea { width: 100%; - height: 88%; + height: 400px; } .files { width: 100%; @@ -111,7 +111,7 @@ table.tablesorter thead tr .headerSortDown, table.tablesorter thead tr .headerSo @media only screen and (max-width: 1200px) { .leftside { - height: 60%; + height: auto; width: 100%; } .rightside { From 083c18f099ac4d98dbf3cfe69f21082311b40ab3 Mon Sep 17 00:00:00 2001 From: erkkki Date: Thu, 2 Feb 2017 15:54:18 +0200 Subject: [PATCH 15/22] comments --- html/index.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/html/index.php b/html/index.php index 2f9f705..cfd7187 100644 --- a/html/index.php +++ b/html/index.php @@ -118,6 +118,7 @@
+ +
Send
+
From d9fb08a666311b6595257477dfcb43f7618451b8 Mon Sep 17 00:00:00 2001 From: erkkki Date: Thu, 2 Feb 2017 17:12:30 +0200 Subject: [PATCH 16/22] blink blink --- html/assets/css/base.css | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/html/assets/css/base.css b/html/assets/css/base.css index 7da85d6..9863b52 100644 --- a/html/assets/css/base.css +++ b/html/assets/css/base.css @@ -23,11 +23,11 @@ padding-right: 30px; - -webkit-animation: example 10s infinite; - animation: example 10s infinite; + -webkit-animation: blink_blink 10s infinite; + animation: blink_blink 10s infinite; } -@-webkit-keyframes example { - 0% { } +@-webkit-keyframes blink_blink { + 0% { color: black; } 50% { color: red; } 100% { color: black; } } From 4347d97b513ab9921054f492391cbfebea92fa69 Mon Sep 17 00:00:00 2001 From: erkkki Date: Thu, 2 Feb 2017 17:15:15 +0200 Subject: [PATCH 17/22] username uppercase --- html/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/index.php b/html/index.php index cfd7187..7583b29 100644 --- a/html/index.php +++ b/html/index.php @@ -121,7 +121,7 @@