- <?php
- include("globals.php");
- include("admin.php");
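/**
 * Dispatch a single-digit action code, optionally written as "<digit>@<argument>".
 *
 * Reads the session fields that the including script publishes as globals
 * ($role, $uid, $name, $locale) plus the cookie encryption key ($key).
 *
 * Security notes for maintainers:
 *  - The caller authorises the request from the leading number of the raw
 *    action string. The code dispatched here must be that same number, so
 *    the only accepted long form is one digit immediately followed by '@'.
 *    (The earlier parser took whatever character preceded the first '@',
 *    which could differ from the number the caller had checked.)
 *  - The session cookie is Blowfish-CBC with a fixed IV and no MAC, keyed
 *    with md5($key). That gives confidentiality at best, not integrity: the
 *    decrypted fields must not be treated as authenticated. mcrypt itself
 *    was removed from PHP core in 7.2. Prefer server-side sessions, or an
 *    AEAD construction with a random nonce per cookie.
 *    The format is left unchanged here because the decrypt side lives
 *    outside this function and both must change together.
 *
 * @param string|int $action Action code, e.g. "4" or "3@arg".
 * @return mixed $name for action 4, $uid for action 5, null otherwise.
 *               Terminates the script via die() on malformed or unknown actions.
 */
function doAction($action){
    // $role is needed by the "change locale" branch; without it in the global
    // list the re-issued session cookie was written with an empty role field.
    global $role, $uid, $name, $locale, $key;

    // Normalise so integer callers (doAction(4)) keep working with the
    // strict string handling below.
    $action = (string)$action;

    // Parse action arguments if present. The argument text after '@' is not
    // consumed by any branch in this function, so it is validated and dropped.
    if (strlen($action) > 1) {
        if ($action[1] !== '@') die('bad action arguments');
        $action = $action[0];
    }

    // String case labels avoid loose int comparison, where on PHP < 8 any
    // non-numeric string compares equal to 0 and would trigger a logout.
    switch ($action) {
        case '0':
            // logout
            // NOTE(review): cookie is cleared without HttpOnly/Secure/SameSite
            // attributes; confirm what the login path sets and mirror it.
            header("Set-cookie: S3SS1D=");
            header("Location: ./");
            break;
        case '1':
            // admin delete user
            admin::deleteUser();
            break;
        case '2':
            // admin create user
            admin::createUser();
            break;
        case '3':
            // change locale
            // The locale is client-controlled and is embedded in the
            // ':'-delimited session string, so it must not be able to carry a
            // delimiter or control bytes. Anything unexpected falls back to 'en'.
            // NOTE(review): the accepted character set is an assumption — align
            // it with the locale identifiers the site actually ships.
            $requested = isset($_COOKIE['locale']) ? $_COOKIE['locale'] : 'en';
            if (is_string($requested) && preg_match('/\A[A-Za-z0-9_-]{1,16}\z/', $requested)) {
                $locale = $requested;
            } else {
                $locale = 'en';
            }
            $sess = mcrypt_encrypt(MCRYPT_BLOWFISH, md5($key), "$role:$uid:$name:$locale", MCRYPT_MODE_CBC, 1234567890);
            header("Set-cookie: S3SS1D=".urlencode(base64_encode($sess)));
            break;
        case '4':
            // get username
            return $name;
        case '5':
            // get uid
            return $uid;
        default:
            die('bad action');
    }
}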
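// ---- Request entry point: decode the session cookie, authorise, dispatch ----
//
// Security notes for maintainers:
//  - The cookie is Blowfish-CBC with a fixed IV and no integrity check, keyed
//    with md5($key). Decryption succeeding does not prove the server issued
//    these bytes, so every field below is treated as untrusted input.
//    Prefer server-side sessions or an AEAD scheme with a per-cookie random
//    nonce; mcrypt was removed from PHP core in 7.2.
//  - $uid used to be concatenated into the SQL text unvalidated. It is now
//    required to be all digits and cast to int before it reaches the query.
//  - The role column is chosen from the leading number of the action string,
//    while doAction() dispatches on the character immediately before '@'.
//    The format is pinned to "<digit>" or "<digit>@<arg>" so that both are
//    guaranteed to be the same character.

if (!isset($_COOKIE['S3SS1D']) || !is_string($_COOKIE['S3SS1D'])) {
    die('auth failed!');
}

$sess = mcrypt_decrypt(MCRYPT_BLOWFISH, md5($key), base64_decode($_COOKIE['S3SS1D']), MCRYPT_MODE_CBC, 1234567890);
$sess_data = explode(':', $sess);

if (count($sess_data) == 4) {
    // trim() also strips the NUL padding mcrypt appends to the last block.
    $role   = trim($sess_data[0]);
    $uid    = trim($sess_data[1]);
    $name   = trim($sess_data[2]);
    $locale = trim($sess_data[3]);

    // The uid goes into SQL: accept a plain decimal id and nothing else.
    if (!ctype_digit($uid)) {
        die('auth failed.');
    }

    // 'action' is 6 bytes long; everything after that prefix is the action string.
    $do = (isset($_GET['do']) && is_string($_GET['do'])) ? $_GET['do'] : '';
    $action = (string)substr($do, 6);

    // One action digit (0-5, the codes doAction() implements), optionally
    // followed by '@' and an argument. Anything else is rejected before any
    // permission lookup happens.
    if (!preg_match('/\A[0-5](?:@.*)?\z/s', $action)) {
        die('bad action');
    }
    $actionCode = (int)$action[0];

    // Both interpolated values are integers at this point.
    // NOTE(review): if $db is an SQLite3 handle (fetchArray() suggests so),
    // switch the id to a bound parameter via prepare()/bindValue(); the
    // column name cannot be bound and must stay allow-listed as above.
    $r = $db->query("select role".$actionCode." from users where id=".(int)$uid);

    if ($r && ($row = $r->fetchArray())) {
        if ((int)$row[0] !== 1) {
            echo 'permission denied';
        } else {
            $ret = doAction($action);
            // NOTE(review): $ret can be the session's $name, which is
            // cookie-derived. If this response is rendered as HTML, escape it
            // with htmlspecialchars($ret, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            // left raw here because the response content type is not visible.
            echo $ret;
        }
    }
} else {
    die('auth failed.');
}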
- ?>