Ryzom
/
ryzom-core
1
1
Fork 0
Code Issues 38 Pull Requests Projects 1 Releases 1 Activity

Fixes for webig, ref kaetemi/ryzomclassic#4

Browse Source
ryzomclassic-develop
kaetemi 4 years ago
parent f8cb53bfd8
commit 37d52231ef
No known key found for this signature in database
GPG Key ID: 9873C4D40BB479BC
3 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File

1
web/public_php/login/config.php
Unescape Escape View File

@ -23,6 +23,7 @@ $DBName = $cfg['db']['shard']['name'];
$RingDBUserName = $cfg['db']['ring']['user']; $RingDBUserName = $cfg['db']['ring']['user'];
$RingDBPassword = $cfg['db']['ring']['pass']; $RingDBPassword = $cfg['db']['ring']['pass'];
$RingDBName = $cfg['db']['ring']['name'];
// If true, the server will add automatically unknown user in the database // If true, the server will add automatically unknown user in the database
// (in nel.user, nel.permission, ring.ring_user and ring.characters // (in nel.user, nel.permission, ring.ring_user and ring.characters

3
web/public_php/webig/admin.php
Unescape Escape View File

@ -20,7 +20,8 @@ include_once('thread_utils.php');
include_once('mail_utils.php'); include_once('mail_utils.php');
include_once('admin_utils.php'); include_once('admin_utils.php');
if (($user_login != "support" || ($remote_addr != "192.168.1.153" && $remote_addr != "192.168.3.1")) && $remote_addr != "127.0.0.1") // if (($user_login != "support" || ($remote_addr != "192.168.1.153" && $remote_addr != "192.168.3.1")) && $remote_addr != "127.0.0.1")
if (true)
{ {
die(); die();
} }

35
web/public_php/webig/utils.php
Unescape Escape View File

@ -71,8 +71,14 @@ importParam('user_login');
importParam('shard'); importParam('shard');
importParam('session_cookie'); importParam('session_cookie');
if (isset($user_login))
{
$user_login = trim($user_login); $user_login = trim($user_login);
}
if (isset($session_cookie))
{
$session_cookie = stripslashes($session_cookie); $session_cookie = stripslashes($session_cookie);
}
include_once('config.php'); include_once('config.php');
@ -395,7 +401,7 @@ function build_user_dir($user, $shard)
return $dir; return $dir;
} }
include_once('login/config.php'); include_once('../login/config.php');
// ------------------------------------- // -------------------------------------
// connect to DB server and select ring DB // connect to DB server and select ring DB
@ -403,8 +409,8 @@ include_once('login/config.php');
function connect_to_ring_db() function connect_to_ring_db()
{ {
global $DBHost, $DBPort, $RingDBUserName, $RingDBPassword, $RingDBName; global $DBHost, $DBPort, $RingDBUserName, $RingDBPassword, $RingDBName;
$ringDb = mysql_connect($DBHost, $RingDBUserName, $RingDBPassword, NULL, $DBPort) or die("can't connect to ring db @'".$DBHost."' with user '".$RingDBUserName."'"); $ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword, NULL, $DBPort) or die("can't connect to ring db @'".$DBHost."' with user '".$RingDBUserName."'");
mysql_select_db($RingDBName, $ringDb) or die("can't select ring db: '$RingDBName' Host=$DBHost User=$RingDBUserName (not enough privilege?)"); mysqli_select_db($ringDb, $RingDBName) or die("can't select ring db: '$RingDBName' Host=$DBHost User=$RingDBUserName (not enough privilege?)");
return $ringDb; return $ringDb;
} }
@ -414,20 +420,23 @@ function connect_to_ring_db()
// ------------------------------------- // -------------------------------------
function check_character_belongs_to_guild($charName, $guildName) function check_character_belongs_to_guild($charName, $guildName)
{ {
connect_to_ring_db(); $ringDb = connect_to_ring_db();
$res = mysql_query( $res = mysqli_query($ringDb,
"SELECT guilds.guild_name FROM guilds "SELECT guilds.guild_name FROM guilds
JOIN characters ON characters.guild_id=guilds.guild_id JOIN characters ON characters.guild_id=guilds.guild_id
WHERE char_name='$charName'") WHERE char_name='$charName'")
or die("Can't query guild for $charName in DB"); or die("Can't query guild for $charName in DB");
if (false === ($row = mysql_fetch_row($res))) $row = mysqli_fetch_row($res);
if (!isset($row))
die("Guild not found for char $charName in DB"); die("Guild not found for char $charName in DB");
if ($row[0] != $guildName) if ($row[0] != $guildName)
die("ACCESS DENIED: $charName is not a member of $guildName"); die("ACCESS DENIED: $charName is not a member of $guildName");
} }
$remote_addr = $HTTP_SERVER_VARS['REMOTE_ADDR']; $remote_addr = $_SERVER['REMOTE_ADDR'];
if ($remote_addr == "213.208.119.226" || $remote_addr == "38.117.236.132")
// if ($remote_addr == "213.208.119.226" || $remote_addr == "38.117.236.132")
if (true)
{ {
importParam('internal_check'); importParam('internal_check');
if ($internal_check) if ($internal_check)
@ -438,18 +447,20 @@ if ($remote_addr == "213.208.119.226" || $remote_addr == "38.117.236.132")
} }
/* /*
* check user is valid * check user is valid
*/ */
if ($user_login == "support" && ($remote_addr == "192.168.1.153" || $remote_addr == "192.168.3.1") || // if ($user_login == "support" && ($remote_addr == "192.168.1.153" || $remote_addr == "192.168.3.1") ||
$remote_addr == "127.0.0.1" ) // $remote_addr == "127.0.0.1" )
if (false)
{ {
echo "SUPPORT MODE!"; echo "SUPPORT MODE!";
// do not check "support" email that come from rsweb // do not check "support" email that come from rsweb
//echo $HTTP_SERVER_VARS['REMOTE_ADDR']; //echo $_SERVER['REMOTE_ADDR'];
//die(); //die();
importParam('translate_user_login'); importParam('translate_user_login');
if ($translate_user_login) if (isset($translate_user_login))
$user_login = $translate_user_login; $user_login = $translate_user_login;
} }
else else

Write Preview
Loading…
Cancel
Save