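<?php
// Action dispatcher for the staff panel. Every request names an action in
// ?task=...; the matching case validates the POST body, talks to the database
// and redirects back with a flash message in $_SESSION['ok'] / $_SESSION['err'].
//
// Review notes on behaviour that is deliberately left unchanged (see the
// NOTE(review) lines below): password hashing is sha1(password . salt . passcode)
// and the "sesija" cookie is a static md5 of username + hash; both need a
// migration path for existing rows before they can change. None of the POST
// actions checks a CSRF token.
session_start();
include('config/mysqlconfig.php');
include('config/config.php');
include('functions.php');
// https://prnt.sc/gc4psa
// https://prnt.sc/gc4py6

$vreme = time();
$datum = date('d.m.Y'); // not used by the actions below; kept for included code that may read it

// Identity and permission level of the logged-in staff member. Both stay null
// for anonymous requests so every permission check below fails closed.
// The original test (userid != "" || userid != 0) was true for every value,
// including an unset session; empty() covers unset, "", "0" and 0.
$StaffUser = null;
$userperm = null;
if (!empty($_SESSION['userid'])) {
    $StaffUser = $_SESSION['username']; // the user performing the action (e.g. the one who bans)
    $stmt = $conn1->prepare("SELECT permissions FROM users WHERE username=?");
    $stmt->bind_param("s", $StaffUser);
    $stmt->execute();
    $stmt->bind_result($userperm);
    $stmt->fetch();
    $stmt->close();
}

// Where the browser is sent after a login attempt: the page the form came from,
// with a fixed fallback when the Referer header is absent (no undefined-index notice).
$back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/index.php';
$adminPage = '/index.php?page=adminpanel';
$banPage = '/index.php?page=ban';

// Stores a flash message under $key and emits the redirect. Callers still
// break/die themselves, because `break` has to sit at the case level.
$flashRedirect = function ($key, $message, $location) {
    $_SESSION[$key] = $message;
    header("Location: " . $location);
};

// Staff rank as posted by the admin forms -> numeric level stored in users.permissions.
$rankLevels = ['forummod' => 1, 'juniormod' => 2, 'moderator' => 3, 'vlasnik' => 4];
// Ban duration unit -> seconds per unit. "perm" is accepted separately and has no end time.
$unitSeconds = ['minut' => 60, 'sat' => 3600, 'dan' => 86400];
$knownServers = ['Factions', 'Roleplay', 'SkyBlock', 'Vanilla', 'SkyWars', 'UHCRun', 'BedWars', 'SkyPvP', 'Prison', 'Global'];
// Usernames containing any of these characters are rejected before they reach a query.
$badUsernameChars = "/([%'\$#\*]+)/";

$task = isset($_GET['task']) ? $_GET['task'] : '';
switch ($task) {
    case 'login':
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $password = isset($_POST['password']) ? $_POST['password'] : '';
        if (strlen($username) == 0 || strlen($password) == 0) {
            $flashRedirect('err', "Sva polja moraju biti popunjena!", $back);
            die();
        }
        if (strlen($username) > 30) {
            $flashRedirect('err', "Korisnički nalog sa tom dužinom karaktera ne postoji!", $back);
            die();
        }
        if (preg_match($badUsernameChars, $username)) {
            $flashRedirect('err', "Pronadjeni su nedozvoljeni karakteri u korisničkom imenu.", $back);
            die();
        }
        // The original ran addslashes() over username and password before hashing,
        // while 'adminpanelregistruj' hashes and stores them raw, so any credential
        // containing a quote or backslash could never log in. Every query here is
        // parameterised, so the raw values are used and the two paths agree.
        // Per-user salt; stays null when the account does not exist, which simply
        // makes the computed hash never match.
        $salt = null;
        $stmtsalt = $conn1->prepare("SELECT salt FROM users WHERE username=?");
        $stmtsalt->bind_param("s", $username);
        $stmtsalt->execute();
        $stmtsalt->bind_result($salt);
        $stmtsalt->fetch();
        $stmtsalt->close();
        // NOTE(review): single-round sha1 is a legacy scheme; moving to
        // password_hash()/password_verify() needs a rehash-on-login step first.
        $cpass = sha1($password . $salt . $securitypasscode);
        // One lookup replaces the original count-then-select pair.
        $stmt = $conn1->prepare("SELECT ID,username FROM users WHERE username=? AND password=?");
        $stmt->bind_param("ss", $username, $cpass);
        $stmt->execute();
        $stmt->bind_result($userID, $usernameVALUE);
        $found = $stmt->fetch();
        $stmt->close();
        if (!$found) {
            $flashRedirect('err', "Nalog ne postoji ili ste loše upisali lozinku!", $back);
            break;
        }
        $_SESSION['userid'] = $userID;
        $_SESSION['username'] = $usernameVALUE;
        $userIP = $_SERVER['REMOTE_ADDR'];
        // NOTE(review): this token is a fixed function of username + password hash, so it
        // never rotates and cannot be revoked server-side; kept because the game-side
        // plugin may validate it the same way.
        $sesija = md5($usernameVALUE . $cpass);
        $sesstime = 60 * 60 * 24 * 10; // ten days
        $expires = time() + $sesstime;
        setcookie("ID", $_SESSION['userid'], $expires);
        setcookie("Username", $_SESSION['username'], $expires);
        // The token cookie is HttpOnly so page scripts cannot read it; path and
        // domain keep their defaults, secure stays off as in the original.
        setcookie("sesija", $sesija, $expires, "", "", false, true);
        // Record the last login IP with bound parameters instead of string interpolation.
        $id = $_SESSION['userid'];
        $stmtip = $conn1->prepare("UPDATE users SET LastIP=? WHERE ID=?");
        $stmtip->bind_param("ss", $userIP, $id);
        $stmtip->execute();
        $stmtip->close();
        $flashRedirect('ok', "Upešno ste se ulogovali.", $back);
        break;

    case 'ban':
        // Banning needs a logged-in staff account; the original accepted anonymous
        // requests and wrote an empty ban_staff. The minimum permission level for
        // banning is not defined on this page — TODO confirm and tighten with $userperm.
        if ($StaffUser === null) {
            $flashRedirect('err', "Nemate dozvolu da izvršite ovu akciju.", $banPage);
            break;
        }
        $nick = isset($_POST['nick']) ? $_POST['nick'] : '';
        $vremebana = isset($_POST['vremebana']) ? $_POST['vremebana'] : '';
        $vremetip = isset($_POST['vremetip']) ? $_POST['vremetip'] : '';
        $razlog = isset($_POST['razlog']) ? $_POST['razlog'] : '';
        $server = isset($_POST['server']) ? $_POST['server'] : '';
        $vremenow = time();
        if ($nick == "" || $razlog == "") {
            $flashRedirect('err', "Sva polja moraju biti popunjena.", $banPage);
            break;
        }
        if ($vremetip != "perm") {
            if ($vremebana == "") {
                $flashRedirect('err', "Sva polja moraju biti popunjena.", $banPage);
                break;
            }
            if (!is_numeric($vremebana)) {
                $flashRedirect('err', "Vreme bana mora da bude broj.", $banPage);
                break;
            }
        }
        if ($vremetip != "perm" && !in_array($vremetip, array_keys($unitSeconds), true)) {
            $flashRedirect('err', "Ne možete da menjate tip vremena.", $banPage);
            break;
        }
        if (!in_array($server, $knownServers, true)) {
            $flashRedirect('err', "Server ne postoji.", $banPage);
            break;
        }
        // Resolve the player's UUID from the nickname (helper from functions.php).
        $UUID = nickUUID($nick);
        if ($vremetip == "perm") {
            // NOTE(review): the literal string "NULL" is bound here, not SQL NULL; kept
            // because the ban plugin reportedly expects it — confirm ban_end's column type.
            $upisvreme = "NULL";
        } else {
            $krajnjevreme = (int) ($vremenow + ($unitSeconds[$vremetip] * $vremebana));
            $upisvreme = date('Y-m-d H:i:s', $krajnjevreme);
        }
        // A network-wide ban is stored in parentheses; that is what the plugin reads.
        if ($server == "Global") {
            $server = "(global)";
        }
        $stmt = $conn2->prepare("INSERT INTO ban (UUID,ban_staff,ban_reason,ban_server,ban_end) VALUES (?,?,?,?,?)");
        $stmt->bind_param("sssss", $UUID, $StaffUser, $razlog, $server, $upisvreme);
        $stmt->execute();
        $stmt->close();
        $flashRedirect('ok', "Uspešno ste banovali igrača.", $banPage);
        break;

    case 'adminpanelregistruj':
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $lozinka = isset($_POST['lozinka']) ? $_POST['lozinka'] : '';
        $rank = isset($_POST['rank']) ? $_POST['rank'] : '';
        if ($userperm != 4) {
            $flashRedirect('err', "Nemate dozvolu da izvršite ovu akciju.", $adminPage);
            break;
        }
        if ($username == "" || $lozinka == "") {
            $flashRedirect('err', "Sva polja moraju biti popunjena.", $adminPage);
            break;
        }
        if (strlen($username) > 30) {
            $flashRedirect('err', "Nick je predugačak.", $adminPage);
            break;
        }
        if (preg_match($badUsernameChars, $username)) {
            $flashRedirect('err', "Pronadjeni su nedozvoljeni karakteri u usernamu.", $adminPage);
            break;
        }
        if (!isset($rankLevels[$rank])) {
            $flashRedirect('err', "Pronađeni su nedozvoljeni parametri.", $adminPage);
            break;
        }
        $permisija = $rankLevels[$rank];
        // Fresh random salt stored next to the hash (helper from functions.php).
        $salt = generateString(7);
        $hash = sha1($lozinka . $salt . $securitypasscode);
        $stmt = $conn1->prepare("INSERT INTO users (username,password,salt,permissions) VALUES (?,?,?,?)");
        $stmt->bind_param("sssi", $username, $hash, $salt, $permisija);
        $stmt->execute();
        $stmt->close();
        $flashRedirect('ok', "Uspešno ste registrovali novog korisnika.", $adminPage);
        break;

    case 'adminpanelizbrisi':
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        if ($userperm != 4) {
            $flashRedirect('err', "Nemate dozvolu da izvršite ovu akciju.", $adminPage);
            break;
        }
        if ($username == "") {
            $flashRedirect('err', "Sva polja moraju biti popunjena.", $adminPage);
            break;
        }
        if (strlen($username) > 30) {
            $flashRedirect('err', "Nick je predugačak.", $adminPage);
            break;
        }
        if (preg_match($badUsernameChars, $username)) {
            $flashRedirect('err', "Pronadjeni su nedozvoljeni karakteri u usernamu.", $adminPage);
            break;
        }
        // A single DELETE replaces the original exists-then-delete pair; the
        // affected row count tells whether the account existed.
        $stmt = $conn1->prepare("DELETE FROM users WHERE username=?");
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $deleted = $stmt->affected_rows;
        $stmt->close();
        if ($deleted > 0) {
            $flashRedirect('ok', "Uspešno ste obrisali korisnički račun!", $adminPage);
        } else {
            $flashRedirect('err', "Korisnik ne postoji!", $adminPage);
        }
        break;

    case 'obavestenjeupdate':
        $obavestenje = isset($_POST['obavestenje']) ? $_POST['obavestenje'] : '';
        if ($userperm != 4) {
            $flashRedirect('err', "Nemate dozvolu da izvršite ovu akciju.", $adminPage);
            break;
        }
        // The announcement row is a singleton (ID=1); azurirano records the update time.
        $stmt = $conn1->prepare("UPDATE obavestenja SET text=?,azurirano=? WHERE ID=1");
        $stmt->bind_param("si", $obavestenje, $vreme);
        $stmt->execute();
        $stmt->close();
        $flashRedirect('ok', "Uspešno ste ažurirali obaveštenje!", $adminPage);
        break;

    case 'azurirajkorisnika':
        $nick = isset($_POST['username']) ? $_POST['username'] : '';
        $rank = isset($_POST['rank']) ? $_POST['rank'] : '';
        if ($userperm != 4) {
            $flashRedirect('err', "Nemate dozvolu da izvršite ovu akciju.", $adminPage);
            break;
        }
        if ($nick == "") {
            $flashRedirect('err', "Sva polja moraju biti popunjena.", $adminPage);
            break;
        }
        if (strlen($nick) > 30) {
            $flashRedirect('err', "Nick je predugačak.", $adminPage);
            break;
        }
        if (preg_match($badUsernameChars, $nick)) {
            $flashRedirect('err', "Pronadjeni su nedozvoljeni karakteri u nicku.", $adminPage);
            break;
        }
        if (!isset($rankLevels[$rank])) {
            $flashRedirect('err', "Pronađeni su nedozvoljeni parametri.", $adminPage);
            break;
        }
        $permisija = $rankLevels[$rank];
        // Bind the level as an integer, matching the "sssi" binding used on registration.
        $stmt = $conn1->prepare("UPDATE users SET permissions=? WHERE username=?");
        $stmt->bind_param("is", $permisija, $nick);
        $stmt->execute();
        $stmt->close();
        $flashRedirect('ok', "Uspešno ste ažurirali korisnika.", $adminPage);
        break;
}
?>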