  1. <?php
  2. session_start();
  3. include('config/mysqlconfig.php');
  4. include('config/config.php');
  5. include('functions.php');
  6.  
  7. // https://prnt.sc/gc4psa
  8. // https://prnt.sc/gc4py6
  9.  
  10. $vreme = time();
  11. $datum = date('d.m.Y');
  12.  
  13. // # Proveri prvo da li je ulogovan
  14. if($_SESSION['userid'] != "" || $_SESSION['userid'] != 0){
  15.  
  16. $StaffUser = $_SESSION['username']; // # Varijabla usera koji banuje (korisnik koji banuje)
  17.  
  18. // # Selektuje permisiju da moze da se koristi
  19. $stmt = $conn1->prepare("SELECT permissions FROM users WHERE username=?");
  20. $stmt->bind_param("s",$StaffUser);
  21. $stmt->execute();
  22. $stmt->bind_result($userperm);
  23. $stmt->fetch();
  24. $stmt->close();
  25.  
  26. }
  27.  
  28. // # Menja varijablu da bude lakse
  29. $task = $_GET['task'];
  30.  
  31. switch ($task) {
  32.  
  33. case 'login':
  34.  
  35. if(strlen($_POST['username']) == 0 || strlen($_POST['password']) == 0){
  36. $_SESSION['err'] = "Sva polja moraju biti popunjena!";
  37. header("Location: $_SERVER[HTTP_REFERER]");
  38. die();
  39. }
  40. if(strlen($_POST['username']) > 30){
  41. $_SESSION['err'] = "Korisnički nalog sa tom dužinom karaktera ne postoji!";
  42. header("Location: $_SERVER[HTTP_REFERER]");
  43. die();
  44. }
  45. // # Provera smanjuje rizik od SQL injekcije.
  46. if(preg_match("/([%'\$#\*]+)/", $_POST['username'])){
  47. $_SESSION['err'] = "Pronadjeni su nedozvoljeni karakteri u korisničkom imenu.";
  48. header("location:$_SERVER[HTTP_REFERER]");
  49. die();
  50. }
  51.  
  52. $username = addslashes($_POST['username']);
  53. $password = addslashes($_POST['password']);
  54.  
  55. // # Izvlaci SALT random string.
  56. $stmtsalt = $conn1->prepare("SELECT salt FROM users WHERE username=?");
  57. $stmtsalt->bind_param("s", $username);
  58. $stmtsalt->execute();
  59. $stmtsalt->bind_result($salt);
  60. $stmtsalt->fetch();
  61. $stmtsalt->close();
  62.  
  63. // # Hashuje password i salt od korisnika i securitypasscode.
  64. $cpass = sha1($password.$salt.$securitypasscode);
  65.  
  66. // # Selektuje sve, da bi prebrojao rovove ukoliko postoji korisnik.
  67. $stmtrows = $conn1->prepare("SELECT * FROM users WHERE username=? AND password=?");
  68. $stmtrows->bind_param("ss", $username,$cpass);
  69. $stmtrows->execute();
  70. $stmtrows->store_result();
  71.  
  72. if($stmtrows->num_rows) {
  73.  
  74. // # Zatvara konekciju kada proveri.
  75. $stmtrows->close();
  76.  
  77. // # Selektuje userid i username da bi ga postavio posle u sesiju.
  78. $stmt = $conn1->prepare("SELECT ID,username FROM users WHERE username=? AND password=?");
  79. $stmt->bind_param("ss",$username,$cpass);
  80. $stmt->execute();
  81. $stmt->bind_result($userID,$usernameVALUE);
  82. $stmt->fetch();
  83.  
  84. $_SESSION['userid'] = $userID;
  85. $_SESSION['username'] = $usernameVALUE;
  86. $userIP = $_SERVER['REMOTE_ADDR'];
  87.  
  88. $sesija = md5($usernameVALUE.$cpass);
  89.  
  90. $sesstime = 60*60*24*10;
  91.  
  92. // # Stavlja u kolacice ID,username i sesiju koja je gore enkriptovana.
  93. setcookie("ID", $_SESSION['userid'], time() + $sesstime);
  94. setcookie("Username", $_SESSION['username'], time() + $sesstime);
  95. setcookie("sesija", $sesija, time() + $sesstime);
  96.  
  97. // # Azurira zadnji IP sa kojeg se klijent ulogovao
  98. $id = $_SESSION['userid'];
  99. mysqli_query($conn1, "UPDATE users SET LastIP='$userIP' WHERE ID='$id'");
  100.  
  101. $_SESSION['ok'] = "Upešno ste se ulogovali.";
  102. header("Location: $_SERVER[HTTP_REFERER]");
  103. break;
  104. $stmt->close();
  105.  
  106. } else {
  107.  
  108. $stmtrows->close();
  109. $_SESSION['err'] = "Nalog ne postoji ili ste loše upisali lozinku!";
  110. header("Location: $_SERVER[HTTP_REFERER]");
  111. break;
  112.  
  113. }
  114. break;
  115.  
  116. case 'ban':
  117.  
  118. // # Nove varijable da bi bilo lakse
  119. $nick = $_POST['nick'];
  120. $vremebana = @$_POST['vremebana'];
  121. $vremetip = $_POST['vremetip'];
  122. $razlog = $_POST['razlog'];
  123. $server = $_POST['server'];
  124. $vremenow = time();
  125.  
  126. if($nick == "" || $razlog == ""){
  127. $_SESSION['err'] = "Sva polja moraju biti popunjena.";
  128. header("Location:/index.php?page=ban");
  129. break;
  130. }
  131. if($vremetip != "perm"){
  132. if($vremebana == ""){
  133. $_SESSION['err'] = "Sva polja moraju biti popunjena.";
  134. header("Location:/index.php?page=ban");
  135. break;
  136. }
  137. if(!is_numeric($vremebana)){
  138. $_SESSION['err'] = "Vreme bana mora da bude broj.";
  139. header("Location:/index.php?page=ban");
  140. break;
  141. }
  142. }
  143. if($vremetip != "minut" && $vremetip != "sat" && $vremetip != "dan" && $vremetip != "perm"){
  144. $_SESSION['err'] = "Ne možete da menjate tip vremena.";
  145. header("Location:/index.php?page=ban");
  146. break;
  147. }
  148. if($server != "Factions" && $server != "Roleplay" && $server != "SkyBlock" && $server != "Vanilla" && $server != "SkyWars" && $server != "UHCRun" && $server != "BedWars" && $server != "SkyPvP" && $server != "Prison" && $server != "Global"){
  149. $_SESSION['err'] = "Server ne postoji.";
  150. header("Location:/index.php?page=ban");
  151. break;
  152. }
  153.  
  154. // # Izvlaci UUID iz nickname-a
  155. $UUID = nickUUID($nick);
  156.  
  157. // # Racuna vreme ovisi o opciji kojoj se izabere
  158. if($vremetip == "minut"){ $krajnjevreme = $vremenow + (60 * $vremebana); }
  159. elseif($vremetip == "sat"){ $krajnjevreme = $vremenow + (3600 * $vremebana); }
  160. elseif($vremetip == "dan"){ $krajnjevreme = $vremenow + (86400 * $vremebana); }
  161. elseif($vremetip == "perm"){ $krajnjevreme = NULL; }
  162.  
  163. // # Konvertuje vreme u TIMESTAMP
  164. $upisvreme = date('Y-m-d H:i:s', $krajnjevreme);
  165.  
  166. // # Ukoliko je permanent ban ubacuje NULL
  167. if($vremetip == "perm"){ $upisvreme = "NULL"; }
  168. // # Ukoliko je banovan sa cele mreze mora da ga stavi u zagradi (? - tako u bazi ide i tako radi plugin)
  169. if($server == "Global"){ $server = "(global)"; }
  170.  
  171. // # Upisuje u bazu novi ban
  172. $stmt = $conn2->prepare("INSERT INTO ban (UUID,ban_staff,ban_reason,ban_server,ban_end) VALUES (?,?,?,?,?)");
  173. $stmt->bind_param("sssss", $UUID, $StaffUser, $razlog, $server, $upisvreme);
  174. $stmt->execute();
  175. $stmt->close();
  176.  
  177. $_SESSION['ok'] = "Uspešno ste banovali igrača.";
  178. header("Location:/index.php?page=ban");
  179. break;
  180.  
  181. case 'adminpanelregistruj':
  182.  
  183. // # Fetchujemo sve varijable
  184. $username = $_POST['username'];
  185. $lozinka = $_POST['lozinka'];
  186. $rank = $_POST['rank'];
  187.  
  188. if($userperm != 4){
  189. $_SESSION['err'] = "Nemate dozvolu da izvršite ovu akciju.";
  190. header("Location:/index.php?page=adminpanel");
  191. break;
  192. }
  193. if($username == "" || strlen($username) == 0 || $lozinka == "" || strlen($lozinka) == 0){
  194. $_SESSION['err'] = "Sva polja moraju biti popunjena.";
  195. header("Location:/index.php?page=adminpanel");
  196. break;
  197. }
  198. if(strlen($username) > 30){
  199. $_SESSION['err'] = "Nick je predugačak.";
  200. header("Location:/index.php?page=adminpanel");
  201. break;
  202. }
  203. // # Provera smanjuje rizik od SQL injekcije.
  204. if(preg_match("/([%'\$#\*]+)/", $username)){
  205. $_SESSION['err'] = "Pronadjeni su nedozvoljeni karakteri u usernamu.";
  206. header("location:/index.php?page=adminpanel");
  207. break;
  208. }
  209. if($rank != "forummod" && $rank != "juniormod" && $rank != "moderator" && $rank != "vlasnik"){
  210. $_SESSION['err'] = "Pronađeni su nedozvoljeni parametri.";
  211. header("location:/index.php?page=adminpanel");
  212. break;
  213. }
  214.  
  215. if($rank == "forummod"){ $permisija = 1; }
  216. elseif($rank == "juniormod"){ $permisija = 2; }
  217. elseif($rank == "moderator"){ $permisija = 3; }
  218. elseif($rank == "vlasnik"){ $permisija = 4; }
  219. else { $permisija = NULL; }
  220.  
  221. // # Generise random str tacnije salt koji ce biti upisa u bazu
  222. $salt = generateString(7);
  223. // # Hashuje sve varijable za pass
  224. $hash = sha1($lozinka.$salt.$securitypasscode);
  225.  
  226. // # Upisuje u bazu novog korisnika
  227. $stmt = $conn1->prepare("INSERT INTO users (username,password,salt,permissions) VALUES (?,?,?,?)");
  228. $stmt->bind_param("sssi", $username, $hash, $salt, $permisija);
  229. $stmt->execute();
  230. $stmt->close();
  231.  
  232. $_SESSION['ok'] = "Uspešno ste registrovali novog korisnika.";
  233. header("Location:/index.php?page=adminpanel");
  234. break;
  235.  
  236. case 'adminpanelizbrisi':
  237.  
  238. $username = $_POST['username'];
  239.  
  240. if($userperm != 4){
  241. $_SESSION['err'] = "Nemate dozvolu da izvršite ovu akciju.";
  242. header("Location:/index.php?page=adminpanel");
  243. break;
  244. }
  245. if($username == "" || strlen($username) == 0){
  246. $_SESSION['err'] = "Sva polja moraju biti popunjena.";
  247. header("Location:/index.php?page=adminpanel");
  248. break;
  249. }
  250. if(strlen($username) > 30){
  251. $_SESSION['err'] = "Nick je predugačak.";
  252. header("Location:/index.php?page=adminpanel");
  253. break;
  254. }
  255. // # Provera smanjuje rizik od SQL injekcije.
  256. if(preg_match("/([%'\$#\*]+)/", $username)){
  257. $_SESSION['err'] = "Pronadjeni su nedozvoljeni karakteri u usernamu.";
  258. header("Location:/index.php?page=adminpanel");
  259. break;
  260. }
  261.  
  262. // # Selektuje userid i username da bi ga postavio posle u sesiju.
  263. $stmt = $conn1->prepare("SELECT * FROM users WHERE username=?");
  264. $stmt->bind_param("s",$username);
  265. $stmt->execute();
  266. $stmt->store_result();
  267.  
  268. // # Proverava da li postoje rovovi u bazi
  269. if($stmt->num_rows){
  270. // # Nakon provere zatvara konekciju ka bazi
  271. $stmt->close();
  272.  
  273. // # Brise korisnicki nalog
  274. $stmt = $conn1->prepare("DELETE FROM users WHERE username=?");
  275. $stmt->bind_param("s",$username);
  276. $stmt->execute();
  277. $stmt->close();
  278.  
  279. $_SESSION['ok'] = "Uspešno ste obrisali korisnički račun!";
  280. header("Location: /index.php?page=adminpanel");
  281. break;
  282. } else {
  283. $stmt->close();
  284. $_SESSION['err'] = "Korisnik ne postoji!";
  285. header("Location: /index.php?page=adminpanel");
  286. break;
  287. }
  288. break;
  289.  
  290. case 'obavestenjeupdate':
  291.  
  292. $obavestenje = $_POST['obavestenje'];
  293.  
  294. if($userperm != 4){
  295. $_SESSION['err'] = "Nemate dozvolu da izvršite ovu akciju.";
  296. header("Location:/index.php?page=adminpanel");
  297. break;
  298. }
  299.  
  300. // # Azuriranje obavestenja
  301. $stmt = $conn1->prepare("UPDATE obavestenja SET text=?,azurirano=? WHERE ID=1");
  302. $stmt->bind_param("si",$obavestenje,$vreme);
  303. $stmt->execute();
  304. $stmt->close();
  305.  
  306. $_SESSION['ok'] = "Uspešno ste ažurirali obaveštenje!";
  307. header("Location: /index.php?page=adminpanel");
  308. break;
  309.  
  310. case 'azurirajkorisnika':
  311.  
  312. $nick = $_POST['username'];
  313. $rank = $_POST['rank'];
  314.  
  315. if($userperm != 4){
  316. $_SESSION['err'] = "Nemate dozvolu da izvršite ovu akciju.";
  317. header("Location:/index.php?page=adminpanel");
  318. break;
  319. }
  320. if($nick == "" || strlen($nick) == 0){
  321. $_SESSION['err'] = "Sva polja moraju biti popunjena.";
  322. header("Location:/index.php?page=adminpanel");
  323. break;
  324. }
  325. if(strlen($nick) > 30){
  326. $_SESSION['err'] = "Nick je predugačak.";
  327. header("Location:/index.php?page=adminpanel");
  328. break;
  329. }
  330. // # Provera smanjuje rizik od SQL injekcije.
  331. if(preg_match("/([%'\$#\*]+)/", $nick)){
  332. $_SESSION['err'] = "Pronadjeni su nedozvoljeni karakteri u nicku.";
  333. header("Location:/index.php?page=adminpanel");
  334. break;
  335. }
  336. if($rank != "forummod" && $rank != "juniormod" && $rank != "moderator" && $rank != "vlasnik"){
  337. $_SESSION['err'] = "Pronađeni su nedozvoljeni parametri.";
  338. header("location:/index.php?page=adminpanel");
  339. break;
  340. }
  341.  
  342. if($rank == "forummod"){ $permisija = 1; }
  343. elseif($rank == "juniormod"){ $permisija = 2; }
  344. elseif($rank == "moderator"){ $permisija = 3; }
  345. elseif($rank == "vlasnik"){ $permisija = 4; }
  346. else { $permisija = NULL; }
  347.  
  348. // # Azurira korisnika
  349. $stmt = $conn1->prepare("UPDATE users SET permissions=? WHERE username=?");
  350. $stmt->bind_param("ss",$permisija,$nick);
  351. $stmt->execute();
  352. $stmt->close();
  353.  
  354. $_SESSION['ok'] = "Uspešno ste ažurirali korisnika.";
  355. header("Location:/index.php?page=adminpanel");
  356. break;
  357. }
  358. ?>