pingus-devel
LCT Login System


From: Björn Fischer
Subject: LCT Login System
Date: Fri, 23 Apr 2004 19:44:05 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

Hi,
I made a patch for the LCT that implements a simple login system. Since it uses the HTTP Basic authentication method it is not too comfortable, but it works.

This adds the file login-system.inc, which implements some functions needed for user login and user signup. This patch saves the eMail address as the login name together with the encrypted password in .htpasswd. Some additional data (real name, eMail address (again) and comment mailer*) is stored in a MySQL table. Therefore it definitely needs the MySQL database (up to this point switching was possible, now it is not anymore).

Since the verification of user entries in the signup form is done by JavaScript, I would like to get feedback about browser compatibility and whether I should rather change something.

If a user is logged in (s)he can delete his/her own comments and demo files.

The next step will be a possibility for the admin to delete users; I didn't find the time for this yet. And there is still no possibility to mail the password in case the user forgot it. I don't know how to solve this because the password is stored encrypted. We could surely save the unencrypted password in the MySQL table too, but then the encryption in the .htpasswd file gets grotesque somehow...
It also lacks the possibility for the user to change the entered data.

I am looking forward to your comments.

*Comment mailer: Every user can specify if (s)he wants comments for his/her own levels sent out by eMail. Therefore one has to activate the comment mailer during user signup.

Greetings

Björn

P.S.: David, you will have to adjust the $db_* entries... Thx.
Index: Pingus/contrib/level_comment_tool/level-cache.inc
===================================================================
--- Pingus/contrib/level_comment_tool/level-cache.inc   (revision 2297)
+++ Pingus/contrib/level_comment_tool/level-cache.inc   (working copy)
@@ -39,16 +39,13 @@
 $db_tablename = 'lct_cache';
 $db_name = 'pingus';
 $db_host = 'localhost';
-$db_user = 'pingus';
-$db_pass = 'pingus';
+$db_user = 'root';
+$db_pass = '';
 
-function create_table( $tablename )
+function create_table( $conn, $db, $tablename, $SQL )
 {
-  global $db_name;
-  global $db_handle;
-
   $table_exists = False;
-  $res = mysql_list_tables( $db_name );
+  $res = mysql_list_tables( $db );
 
   for ($i=0;$i<mysql_num_rows( $res );$i++)
     if (mysql_tablename( $res, $i ) == $tablename)
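Review bot: the credential change to $db_user = 'root'; $db_pass = ''; should not be committed: it hands the web application the MySQL root account with no password, and everyone who checks out this revision deploys with it. The P.S. in the mail already says these values are site-specific, so keep them out of version control (an uncommitted local include) or at least keep a dedicated low-privilege account that only has the grants lct_cache and lct_users need. The new create_table( $conn, $db, $tablename, $SQL ) signature is fine, since login-system.inc can now reuse it for the user table.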
@@ -56,12 +53,11 @@
 
   if (!$table_exists)
   {
-    $SQL = "CREATE TABLE `$tablename` (`Key` VARCHAR( 255 ) NOT NULL ,`Value` 
TEXT NOT NULL , PRIMARY KEY ( `Key` ) );";
-    $res = mysql_query( $SQL, $db_handle );
-       if (!$res)
-         return False;
-       else
-         return $tablename;
+    $res = mysql_query( $SQL, $conn );
+    if (!$res)
+      return False;
+    else
+      return $tablename;
   }
   else
     return $tablename;
@@ -100,21 +96,22 @@
 
       //MySQL is used as cache
       case "MySQL":
-               $db_handle = mysql_connect( $db_host, $db_user, $db_pass );
-               if (!$db_handle)
-               {
+       $db_handle = mysql_connect( $db_host, $db_user, $db_pass );
+       if (!$db_handle)
+       {
           echo "<p><font color=\"red\"><b>ERROR: Cannot open connection to 
database server ($db_host)!</b></font></p>";
           exit;
         }
 
         if (! mysql_select_db( $db_name, $db_handle ))
-               {
+       {
           echo "<p><font color=\"red\"><b>ERROR: Cannot select database 
'$db_name'!</b></font></p>";
           exit;
         }
+       $SQL = "CREATE TABLE `$tablename` (`Key` VARCHAR( 255 ) NOT NULL".
+              " ,`Value` TEXT NOT NULL , PRIMARY KEY ( `Key` ) );";
+        $db_tablename = create_table($db_handle, $db_name, $db_tablename, 
$SQL);//creates the table if necessary and returns the tablename
 
-        $db_tablename = create_table($db_tablename);//creates the table if 
necessary and returns the tablename
-
         if (!$db_tablename)
         {
           echo '<p><font color="red"><b>ERROR: Cannot create cache 
table!</b></font></p>';
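Review bot: $tablename is undefined at the new call site. The CREATE statement is now built in the MySQL case with $SQL = "CREATE TABLE `$tablename` (...)", but the variable in scope there is $db_tablename; $tablename only existed as the parameter inside create_table(), where the string was built before this change. On a fresh database the statement becomes CREATE TABLE `` (...), which fails, create_table() returns False, and the page stops with "Cannot create cache table!". Use $db_tablename in the string.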
@@ -352,7 +349,7 @@
       "author" => "pingus-level-comment/author",
       "email" => "pingus-level-comment/email",
       "date" => "pingus-level-comment/date",
-         "time" => "pingus-level-comment/time",
+      "time" => "pingus-level-comment/time",
       "difficulty" => "pingus-level-comment/difficulty",
       "rating" => "pingus-level-comment/rating",
       "comment" => "pingus-level-comment/comment",
@@ -366,8 +363,8 @@
     $cmt["filename"] = $filename;
 
     // is the time set? (it is not in old comment files)
-       if (isset($cmt["time"]))
-         $res[$cmt["date"] . '-' . $cmt["time"]] = $cmt;
+    if (isset($cmt["time"]))
+      $res[$cmt["date"] . '-' . $cmt["time"]] = $cmt;
     else
       $res[$cmt["date"] . '-' . substr(md5(implode("", file($filename))),0,8)] 
= $cmt;
   }
@@ -401,8 +398,8 @@
       "username" => "pingus-demo-metafile/username",
       "email" => "pingus-demo-metafile/email",
       "date" => "pingus-demo-metafile/date",
-         "time" => "pingus-demo-metafile/time",
-         "demofile" => "pingus-demo-metafile/demofile",
+      "time" => "pingus-demo-metafile/time",
+      "demofile" => "pingus-demo-metafile/demofile",
       "levelmd5" => "pingus-demo-metafile/levelmd5"
     ));
 
Index: Pingus/contrib/level_comment_tool/login-system.inc
===================================================================
--- Pingus/contrib/level_comment_tool/login-system.inc  (revision 0)
+++ Pingus/contrib/level_comment_tool/login-system.inc  (revision 0)
@@ -0,0 +1,277 @@
+<?php
+
+// functions concering user signup and login
+// this file needs a working MySQL database with the correct values
+// set in level-cache.inc!!!
+//
+// Copyright (C) 2004 Björn Fischer <address@hidden>
+//
+// Redistribution and use in source and binary forms, with or without 
modification,
+// are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, 
this
+//   list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+// * The name of the author may not be used to endorse or promote products 
derived
+//   from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
MERCHANTABILITY
+// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
AUTHOR
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
(INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+global $db_conn;
+global $db_usertablename;
+$db_conn = False;
+$db_usertablename = "lct_users";
+
+// ==================================================================
+// opens database connection
+// ==================================================================
+function open_db()
+{
+  global $db_conn;
+  global $db_name;
+  global $db_host;
+  global $db_user;
+  global $db_pass;
+  
+  $db_conn = mysql_connect( $db_host, $db_user, $db_pass );
+  if (!$db_conn)
+  {
+    echo "<p><font color=\"red\"><b>ERROR: Cannot open connection to database 
server ($db_host)!</b></font></p>";
+    exit;
+  }
+
+  if (! mysql_select_db( $db_name, $db_conn ))
+  {
+    echo "<p><font color=\"red\"><b>ERROR: Cannot select database 
'$db_name'!</b></font></p>";
+    exit;
+  }
+}
+
+// ==================================================================
+// closes database connection
+// ==================================================================
+function close_db()
+{
+  global $db_conn;
+  
+  if ($db_conn !== False)
+  {
+    mysql_close($db_conn);
+    $db_conn = False;
+  }
+}
+
+// ==================================================================
+// saves the dataset of a user
+// ==================================================================
+function save_user_data( $name, $email, $com_mailer )
+{
+  global $db_conn;
+  global $db_usertablename;
+  
+  if ($com_mailer == "on")
+    $com_mailer = 1;
+  else
+    $com_mailer = 0;
+    
+  $SQL = "INSERT INTO $db_usertablename (`Name`,`eMail`,`commentmailer`)".
+         " VALUES ('$name','$email',$com_mailer)";
+  if (!mysql_query( $SQL, $db_conn ))
+  {
+    echo '<p><font color="red"><b>ERROR: Cannot save user 
data!</b></font></p>';
+    return False;
+  }
+  else
+    return True;
+}
+
+// ==================================================================
+// loads user data from database
+// ==================================================================
+function get_user_data( $u_email )
+{
+  global $db_conn;
+  global $db_usertablename;
+  $ret = Array();
+  
+  open_db();
+  
+  $SQL = "SELECT * FROM $db_usertablename WHERE eMail='$u_email'";
+  $succ = mysql_query( $SQL, $db_conn );
+  if (!$succ)
+  {
+    echo "<p><font color='red'><b>ERROR: Cannot find data for user 
$u_email!</b></font></p>";
+    exit;
+  }
+  
+  list( ,$name,$email,$com_mailer ) = mysql_fetch_row( $succ );
+  $ret["name"] = htmlentities($name);
+  $ret["email"] = htmlentities($email);
+  $ret["com_mailer"] = htmlentities($com_mailer);
+  
+  close_db();
+  
+  return $ret;
+}
+
+// ==================================================================
+// Show a signup form
+// ==================================================================
+function show_signup_form()
+{
+  $params = "?";
+  if (isset( $_GET["c"] ))
+    $params .= 'c='.$_GET["c"].'&';
+  if (isset( $_GET["l"] ))
+    $params .= 'l='.$_GET["l"].'&';
+  if (isset( $_GET["o"] ))
+    $params .= 'o='.$_GET["o"].'&';  
+  if (isset( $_GET["showthumbs"] ))
+    $params .= 'showthumbs='.$_GET["showthumbs"].'&'; 
+    
+  echo '<script language = "JavaScript">'."\n".
+       '<!--'."\n".
+       'function TestError()'."\n".
+       '{'."\n".
+       '  var f = document.Signup;'."\n".
+       '  var errors = "";'."\n".
+       '  var i;'."\n".
+       '  var IsError = false;'."\n\n".
+       '  if ((f.elements["username"].value == "") || 
(f.elements["username"].value == null))'."\n".
+       '  {'."\n".
+       '    errors += "Please enter your Name!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  } '."\n\n".
+       '  if ((f.elements["email"].value == "") || (f.elements["email"].value 
== null))'."\n".
+       '  {'."\n".
+       '    errors += "Please enter your email adress!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  } '."\n\n".
+       '  if ((f.elements["pass"].value == "") || (f.elements["pass"].value == 
null))'."\n".
+       '  {'."\n".
+       '    errors += "Please choose a password!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  } '."\n\n".
+       '  if ((f.elements["pass2"].value == "") || (f.elements["pass2"].value 
== null))'."\n".
+       '  {'."\n".
+       '    errors += "Please retype your password!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  }'."\n\n".
+       '  if (f.elements["pass"].value != f.elements["pass2"].value)'."\n".
+       '  {'."\n".
+       '    errors += "The passwords do not match, please retype 
them!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  }'."\n\n".
+       '  if ((f.elements["email"].value.indexOf("@") == -1) || 
(f.elements["email"].value.length < 3))'."\n".
+       '  {'."\n".
+       '    errors += "Please enter a valid email adress!\n";'."\n".
+       '    IsError = true;'."\n".
+       '  }  '."\n\n".
+       '  if (IsError==true)'."\n".
+       '  {'."\n".
+       '    alert(errors);'."\n".
+       '    return false;'."\n".
+       '  } '."\n".
+       '  return true;'."\n".
+       '}'."\n".
+       '--></script>'."\n\n";
+    
+  echo "<H2>Pingus level comment database - user signup</H2>".
+       "Please keep the following in mind:".
+       "<UL><LI>enter your real name and a valid eMail adress</LI>".
+       "<LI>please remember your password since there is no possibility to 
mail it to you yet</LI>".
+       "<LI>after signup your login name is the entered mail adress<LI>".
+       "</UL>By activating the checkbox you can".
+       " activate the comment mailer, that means you will receive comments 
about your own levels".
+       " by eMail (this is only important for level designers).<br><br>\n";
+  
+  echo '<form enctype="multipart/form-data"  name="Signup" 
action="'.$PHP_SELF.$params.'" method="POST" onSubmit="return 
TestError()">'."\n".
+       '<input type="hidden" name="usersignedup" value="1">'."\n".
+       '<table>'."\n".
+       ' <tr>'."\n".
+       '  <td>Your name</td>'."\n".
+       '  <td><input type="text" name="username"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td>Your email</td>'."\n".
+       '  <td><input type="text" name="email"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td>Comment mailer</td>'."\n".
+       '  <td><input type="checkbox" name="commentmailer"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td>Pick a password</td>'."\n".
+       '  <td><input type="password" name="pass"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td>Retype password</td>'."\n".
+       '  <td><input type="password" name="pass2"></td>'."\n".
+       ' </tr>'."\n".
+       ' <tr>'."\n".
+       '  <td colspan="2"><input type="submit" value="signup now"></td>'."\n".
+       ' </tr>'."\n".
+       '</table>'."\n".
+       '</form>'."\n";
+}
+
+// ==================================================================
+// Save singed up user data (uses $db_* variables from level-cache.inc)
+// ==================================================================
+function signup_user()
+{
+  global $DBMS;
+  global $db_usertablename;
+  global $db_conn;
+  global $db_name;
+  
+  if (!isset( $_POST["usersignedup"] ))
+    exit;
+    
+  if ($DBMS != "MySQL")
+  {
+    echo "MySQL support necessary. Signup not possible!!!";
+    exit;
+  }
+  
+  $u_name = $_POST["username"];
+  $u_email = strtolower($_POST["email"]);
+  $u_com_mailer = $_POST["commentmailer"];
+  $u_pass = $_POST["pass"];
+  
+  // look if user is already there
+  $pass_arr = load_htpasswd();
+  while (list($u, $p) = each($pass_arr))
+  {
+    if ($u_email == $u)
+    {
+      echo '<p><font color="red"><b>ERROR: This mailadress already has a user 
account!</b></font></p>';
+      return False;
+    }  
+  }
+  $pass_arr[$u_email] = rand_salt_crypt($u_pass);
+  save_htpasswd( $pass_arr );
+  
+  open_db();
+  $SQL = "CREATE TABLE `$db_usertablename` (`ID` INT NOT NULL AUTO_INCREMENT 
,`Name` VARCHAR( 100 ) NOT NULL ,".
+         "`eMail` VARCHAR( 100 ) NOT NULL ,`commentmailer` TINYINT( 1 ) NOT 
NULL ,PRIMARY KEY ( `ID` ) ,".
+         "UNIQUE (`eMail`));";
+  $db_usertablename = create_table( $db_conn, $db_name, $db_usertablename, 
$SQL );
+  save_user_data( $u_name, $u_email, $u_com_mailer );
+  close_db();
+  echo '<p><font color="green"><b>Your data has been saved. You can now login 
via the link on the right.<br>'.
+       'Please remember that your eMail adress is used as login 
name<br></b></font></p>';
+}
+
+
+?>
\ No newline at end of file
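Review bot: every query in this file interpolates request data unescaped. save_user_data() puts $_POST["username"] and the e-mail straight into INSERT INTO $db_usertablename (...) VALUES ('$name','$email',$com_mailer), and get_user_data() runs SELECT * FROM $db_usertablename WHERE eMail='$u_email' with the value taken from the Authorization header. A single quote in either ends the literal and lets the client append SQL, and with the root account from level-cache.inc that is the whole database server. Pass both through mysql_real_escape_string() and validate the e-mail server-side; TestError() does not help here, because anyone can POST the form without running the JavaScript, so signup_user() needs its own checks for an empty name, a plausible address and matching passwords. Three smaller points: get_user_data() does list( ,$name,$email,$com_mailer ) = mysql_fetch_row( $succ ) without checking for an empty result, so an unknown address silently yields empty strings; show_signup_form() uses $PHP_SELF inside a function without declaring it global, so the form action is just the query string; and that action string is built from $_GET["c"], $_GET["l"], $_GET["o"] and $_GET["showthumbs"] with neither urlencode() nor htmlentities(), which reflects request data into an attribute.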
Index: Pingus/contrib/level_comment_tool/index.php
===================================================================
--- Pingus/contrib/level_comment_tool/index.php (revision 2297)
+++ Pingus/contrib/level_comment_tool/index.php (working copy)
@@ -27,16 +27,24 @@
 require_once("level-cache.inc");
 require_once("mail-settings.inc");
 require_once("htpasswd.inc");
+require_once("login-system.inc");
 
 // ==================================================================
-// Admin login.
+// User/Admin login or signup new user
 // ==================================================================
-
 $htpasswd = load_htpasswd();
 $is_admin = False;
-if ( isset($_SERVER['PHP_AUTH_PW']))
-  $is_admin = test_htpasswd( $htpasswd,  "admin", $_SERVER['PHP_AUTH_PW'] );
-
+$is_user = False;
+$user_data = Array();
+if ( isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['PHP_AUTH_USER']))
+  if ($_SERVER['PHP_AUTH_USER'] == "admin")
+    $is_admin = test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] );
+  else
+  {
+    $is_user = test_htpasswd( $htpasswd, 
strtolower($_SERVER['PHP_AUTH_USER']), $_SERVER['PHP_AUTH_PW'] );
+    $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] );
+  }  
+ 
 if ( isset($_GET["adminlogin"]))
 {
   if (!isset($_SERVER['PHP_AUTH_USER']))
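Review bot: get_user_data( $_SERVER['PHP_AUTH_USER'] ) runs whether or not test_htpasswd() succeeded, so any request carrying a Basic Authorization header, valid or not, reaches the database with the raw user name (see the unescaped SELECT in get_user_data()), and a failed query calls exit and blanks the page for an anonymous visitor. Guard the lookup with if ($is_user). The two calls also disagree on case: test_htpasswd() receives strtolower($_SERVER['PHP_AUTH_USER']) while get_user_data() receives the original, and signup stored the lowercased address in both places, so a user who types Alice@... authenticates but gets empty user data and therefore no prefilled form and no [del] links. Lowercase once and use that value for both.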
@@ -49,7 +57,7 @@
   else
   {
     if ( !isset($_SERVER['PHP_AUTH_PW']) ||
-      !test_htpasswd( $htpasswd,  "admin", $_SERVER['PHP_AUTH_PW'] ))
+      !test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ))
     {
       header('HTTP/1.0 401 Unauthorized');
       echo 'Wrong password. Hit Back.';
@@ -60,6 +68,33 @@
   }
 }
 
+if ( isset($_GET["userlogin"]))
+{
+  if (!isset($_SERVER['PHP_AUTH_USER']))
+  {
+    header('WWW-Authenticate: Basic realm="Pingus Comment Tool User"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Cancelled. Hit Back.';
+    exit;
+  }
+  else
+  {
+    if ( !isset($_SERVER['PHP_AUTH_PW']) ||
+      !test_htpasswd( $htpasswd, strtolower($_SERVER['PHP_AUTH_USER']), 
$_SERVER['PHP_AUTH_PW'] ))
+    {
+      header('HTTP/1.0 401 Unauthorized');
+      echo 'Wrong password. Hit Back.';
+      exit;
+    }
+    else
+    {
+      $is_user = True;
+      $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] );
+    }  
+  }  
+}
+
+
 // ==================================================================
 // Thumbnail magick with cookies etc.
 // ==================================================================
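Review bot: this userlogin block is the adminlogin block above with the key swapped, and it repeats the same case mismatch: test_htpasswd() gets strtolower($_SERVER['PHP_AUTH_USER']) but get_user_data() gets the unmodified header value. One function taking the realm and the htpasswd key, called from both places, would remove the duplication and keep the two login paths from drifting.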
@@ -83,15 +118,67 @@
   <body>
 
     <h1>Pingus level comment database</h1>
+    
+ <? if (!$is_user && !$is_admin) 
+    {
+      $params = "";
+      if (isset( $_GET["c"] ))
+        $params .= 'c='.$_GET["c"].'&';
+      if (isset( $_GET["l"] ))
+        $params .= 'l='.$_GET["l"].'&';
+      if (isset( $_GET["o"] ))
+        $params .= 'o='.$_GET["o"].'&';  
+      if (isset( $_GET["showthumbs"] ))
+        $params .= 'showthumbs='.$_GET["showthumbs"].'&';  
+ ?>   
+    <div align="right">
+      <table border="0" align="right" cellspacing="10">
+        <tr>
+          <td>
+            <a href="<? echo "$PHP_SELF?$params"."userlogin=1" ?>">Login</a>
+          </td>
+          <td>
+            <a href="<? echo "$PHP_SELF?$params"."signup=1" ?>">Signup</a>
+          </td>
+        </tr>
+      </table>  
+    </div>  
+ <? }
+    else
+    {
+ ?>
+    <div align="right">
+      <table border="0" align="right" cellspacing="10">
+        <tr>
+          <td>
+           <? echo $user_data["name"] ?> is logged in
+         </td>
+       </tr>
+      </table> 
+    </div>  
+ <?
+    }
+ ?>   
     <div class="mainbody">
 
 <?
+// ==================================================================
+// Signup for new user
+// ==================================================================
+if (isset( $_GET["signup"] ))
+{
+  show_signup_form();
+  exit;
+}
+if (isset( $_POST["usersignedup"] ))
+{
+  signup_user();
+}
 
-$preferred_order = Array( 'tutorial', 'playable', 'volcano', 'wip', 'test' );
-
 // ==================================================================
 // Read cathegory and level names from filesystem
 // ==================================================================
+$preferred_order = Array( 'tutorial', 'playable', 'volcano', 'wip', 'test' );
 $cathegories = Array();
 $dir = dir("data/levels");
 while ($file = $dir->read())
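Review bot: the Login and Signup links are built from raw query parameters. The four lines of the form $params .= 'c='.$_GET["c"].'&'; put unencoded, unescaped request values into an href, and $PHP_SELF goes into the same attribute, so a crafted URL reflects markup into the page. urlencode() each value when building $params and htmlentities() the result when printing, as index.php already does for $c and $l elsewhere. The identical block reappears next to the admin-login link at the bottom of the file; one helper would serve both. Also, show_signup_form() is followed by exit before the closing tags for div.mainbody and body are printed, and the return value of signup_user() is ignored, so a duplicate address prints the error and then renders the level list as if signup had succeeded.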
@@ -129,8 +216,7 @@
     $showCath = '&c=' . $_GET["c"];
 
   if ( $show_thumbs )
-       print "<a href='$PHP_SELF?showthumbs=0$showCath'>[hide 
thumbnails]</a></br>";
-
+    print "<a href='$PHP_SELF?showthumbs=0$showCath'>[hide 
thumbnails]</a></br>";
   else
     print "<a href='$PHP_SELF?showthumbs=1$showCath'>[show 
thumbnails]</a></br>";
 
@@ -327,10 +413,12 @@
 
       if ( !is_dir("comments/$c/$l"))
       {
-        mkdir("comments/$c",0777);
-        mkdir("comments/$c/$l",0777);
-        chmod("comments/$c",0777);
-        chmod("comments/$c/$l",0777);
+        @mkdir("comments/$c",0775);
+        @mkdir("comments/$c/$l",0775);
+        chmod("comments/$c",0775);
+        chgrp("comments/$c","pingus");
+        chmod("comments/$c/$l",0775);
+        chgrp("comments/$c/$l","pingus");
         if ( !is_dir("comments/$c/$l"))
         {
           print ("<strong>ERROR: 'comments/$c/$l/' does not exist and ".
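Review bot: chgrp("comments/$c","pingus") only succeeds when the PHP process owns the directory and is itself a member of group pingus, and here the chmod()/chgrp() results are unchecked while mkdir() is silenced with @, so a failing chgrp emits a warning into the page and the directory stays in the web server's default group. Check the return values, or set the group once on the parent comments/ directory with the setgid bit so new subdirectories inherit it without per-call chgrp. Note that the demo-directory block further down still creates with 0777 and only then chmods to 0775; the two blocks should match.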
@@ -367,7 +455,8 @@
           exit;
         }
         fclose($fp);
-        chmod($filename, 0777);
+        chmod($filename, 0775);
+        chgrp($filename,"pingus");
 
         // Send email-notification
         if ( $mail_notify_enabled )
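Review bot: chmod($filename, 0775) sets the execute bit for owner and group on a comment file, which is plain data; 0664 is the mode that matches the intent of the directory change. The same applies to the two later chmod($filename, 0775) calls on the uploaded demo and its metafile.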
@@ -404,7 +493,7 @@
     // ==================================================================
     // Delete comment
     // ==================================================================
-    if ( $is_admin && isset($_GET["delcomment"]))
+    if ( ($is_admin || $is_user) && isset($_GET["delcomment"]))
     {
       sandbox_check($_GET["delcomment"], "comments/" );
       unlink($_GET["delcomment"]);
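Review bot: if ( ($is_admin || $is_user) && isset($_GET["delcomment"])) lets any signed-up user delete any comment. The ownership test ($user_data["email"] == $cmt["email"]) only decides whether the [del] link is rendered further down; the handler checks nothing beyond sandbox_check(), so a user can paste another comment's filename into the delcomment parameter. Before unlink(), parse the comment file, compare its email with $user_data["email"], and refuse when they differ unless $is_admin. Keep in mind that the comment form's email field stays editable even when prefilled, so ownership by address is only as strong as that field.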
@@ -413,8 +502,32 @@
       @rmdir("comments/$c");
       print "<p><strong>Deleted '" . htmlentities($_GET["delcomment"]) . 
"'</strong></p>";
     }
+    
+    // ==================================================================
+    // Delete demo file and metafile
+    // ==================================================================
+    if ( ($is_admin || $is_user) && isset($_GET["deldemo"]))
+    {
+      sandbox_check($_GET["deldemo"], "comments/" );
+      
+      $demos = parse_level_demos( $c, $l );
+      while( list(,$cmt) = each($demos))
+      {
+        if ($_GET["deldemo"] == $cmt["filename"])
+        {
+          //delete demofile and metafile
+          unlink( "comments/$c/$l/demos/".$cmt["demofile"] );
+          unlink( $_GET["deldemo"] );
+        }
+      }  
+      // Also try to remove the directories but don't mind if it fails:
+      @rmdir("comments/$c/$l/demos");
+      @rmdir("comments/$c/$l");
+      @rmdir("comments/$c");
+      print "<p><strong>Deleted '" . htmlentities($_GET["deldemo"]) . 
"'</strong></p>";
+    }
 
-       // ==================================================================
+    // ==================================================================
     // Save uploaded Demofile
     // ==================================================================
     if ( $_POST["adddemo"] == 1)
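Review bot: deldemo has the same gap as delcomment: the only checks are being logged in and sandbox_check() on the metafile path, so any user can delete any demo. Compare $cmt["email"] with $user_data["email"] inside the loop and skip the unlink() calls when they differ (admin excepted). The second path, "comments/$c/$l/demos/".$cmt["demofile"], is taken from the metafile, which records the client-supplied upload name, and it is not passed through sandbox_check(); basename() it here and at upload time so the metafile cannot point outside the demos directory. Separately, the adddemo handler that follows is not gated on $is_user at all, only the form is hidden from anonymous visitors.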
@@ -422,12 +535,16 @@
       //create directory if necessary
       if ( !is_dir("comments/$c/$l/demos"))
       {
-        mkdir("comments/$c", 0777);
-        mkdir("comments/$c/$l", 0777);
-        mkdir("comments/$c/$l/demos", 0777);
-        chmod("comments/$c",0777);
-        chmod("comments/$c/$l",0777);
-        chmod("comments/$c/$l/demos",0777);
+        @mkdir("comments/$c", 0777);
+        @mkdir("comments/$c/$l", 0777);
+        @mkdir("comments/$c/$l/demos", 0777);
+        chmod("comments/$c",0775);
+        chgrp("comments/$c","pingus");
+        chmod("comments/$c/$l",0775);
+        chgrp("comments/$c/$l","pingus");
+        chmod("comments/$c/$l/demos",0775);
+        chgrp("comments/$c/$l/demos","pingus");
+        
         if ( !is_dir("comments/$c/$l/demos")) 
         {
           print ("<strong>ERROR: 'comments/$c/$l/demos' does not exist and ".
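Review bot: this block still creates the directories with @mkdir("comments/$c", 0777); (and the two calls after it) and only afterwards chmods to 0775, whereas the comment-directory block above was changed to create with 0775 directly. Use 0775 here too so the directories never exist world-writable, even briefly, and so the two code paths stay in step.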
@@ -443,7 +560,8 @@
       {
         if (move_uploaded_file($_FILES['demofile']['tmp_name'], $uploaddir. 
'/' . $_FILES['demofile']['name']))
         {
-          chmod( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 0777 );
+          chmod( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 0775 );
+          chgrp( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 
"pingus" );
           print("<strong>File uploaded successfully</strong><hr/>");
           $str = '<' . '?xml version="1.0"  encoding="ISO-8859-1"?' . ">\n" .
                 "<pingus-demo-metafile>\n".
@@ -470,7 +588,8 @@
               exit;
             }
             fclose($fp);
-            chmod($filename, 0777);
+            chmod($filename, 0775);
+            chgrp($filename, "pingus");
          }
        }  
         else
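Review bot: chmod($filename, 0775) on the generated metafile has the same problem as on the comment file: it is a data file, so 0664 is the right mode.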
@@ -510,7 +629,7 @@
         $rating = intval($cmt["rating"]);
         $leveldata["avgrating"] += $rating;
 
-        if ( $is_admin )
+        if ( $is_admin || ($is_user && $user_data["email"] == $cmt["email"]) )
           $del_link = " <a href='$PHP_SELF?c=" . htmlentities($c) .
             "&l=" . htmlentities($l) . "&delcomment=" . 
htmlentities($cmt["filename"]) . "'>[del]</a>\n";
         $str =
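Review bot: $user_data["email"] went through strtolower() at signup and htmlentities() in get_user_data(), while $cmt["email"] is the raw, case-preserved string from the comment file, so an address containing "&" or upper-case letters never matches and its owner never sees [del]. Normalize both sides the same way (lowercase, no entity encoding) before comparing, and reuse exactly that comparison in the delcomment handler, where it is currently absent.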
@@ -536,18 +655,21 @@
     if ( count($demos) > 0 )
     {
       $showDemos = True;
-
+      $del_link="";
       while( list(,$cmt) = each($demos))
       {
         $leveldata["totaldemos"]++;
         
+        if ( $is_admin ||  ($is_user && $user_data["email"] == $cmt["email"]))
+                 $del_link = " - <a href='$PHP_SELF?c=" . 
htmlentities($c)."&l=" . htmlentities($l) .
+                 "&deldemo=" . htmlentities($cmt["filename"]) . 
"'>[del]</a>\n";
         $str =
           "<p class='message'><strong>From:</strong> " . 
htmlentities($cmt["username"]) .
           " &lt;" . str_replace("@", "<b><small>PingusNoSpam</small></b>@", 
htmlentities($cmt["email"])) .
           "&gt;<br><strong>Date: </strong> " . htmlentities($cmt["date"]) . 
           ", <strong>Time: </strong> " . htmlentities($cmt["time"]) . 
"<br/>\n" .
           "<b>Demofile: </b><a href='comments/$c/$l/demos/" . $cmt["demofile"] 
. "'>" .
-          $cmt["demofile"] . "</a><br/>\n" .
+          $cmt["demofile"] . "</a>$del_link<br/>\n" .
           "</p>\n";
                  
         if (strtolower($cmt["levelmd5"]) == strtolower($curlevelmd5))
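Review bot: $del_link="" is set once before the while loop and only ever assigned inside the if, never cleared, so once a demo the current user owns has been rendered, every later demo in the list shows a [del] link as well (for admin this is harmless, for users it advertises the deldemo URL for other people's demos). Move the reset to the top of the loop body. The indentation of the three added lines is also off relative to the surrounding block.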
@@ -585,6 +707,17 @@
     $levelmd5 = $curlevelmd5;
     if ( isset( $_GET["levelmd5"] ))
       $levelmd5 = $_GET["levelmd5"];
+    
+    if ($is_user)
+    {
+      $input_name = '<input type="text" name="author" value="' . 
$user_data["name"] . '">';
+      $input_mail = '<input type="text" name="email" value="' . 
$user_data["email"] . '">';
+    }
+    else
+    {
+      $input_name = '<input type="text" name="author">';
+      $input_mail = '<input type="text" name="email">';
+    }  
 ?>
     <hr/>
     <table width="100%">
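Review bot: prefilling author and email from $user_data is convenient, but the fields remain editable, so a logged-in user can still post under any name and address, and since [del] rights are decided by the email stored in the comment file, that is the value ownership hangs on. When $is_user is set, take the name and address from $user_data server-side instead of from $_POST.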
@@ -599,11 +732,11 @@
             <table>
               <tr>
                 <td>Your name</td>
-                <td><input type="text" name="author"></td>
+                <td><? echo ($input_name); ?></td>
               </tr>
               <tr>
                 <td>Your email</td>
-                <td><input type="text" name="email"></td>
+                <td><? echo ($input_mail); ?></td>
               </tr>
               <tr>
                 <td>Difficulty</td>
@@ -641,6 +774,9 @@
           </form>
         </td>
         <td width="50%" valign="top">
+       <? if ($is_user || $is_admin)
+          {
+       ?>
           <p><em><strong>Upload a demofile:</strong></em></p>
           <form enctype="multipart/form-data"  name="UploadDemo" action="<? 
echo $PHP_SELF . "?c=" . urlencode($c) . "&l=" . urlencode($l); ?>" 
method="POST">
             <input type="hidden" name="adddemo" value="1">
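Review bot: wrapping the upload form in if ($is_user || $is_admin) hides it from anonymous visitors, but the handler above, if ( $_POST["adddemo"] == 1), accepts the POST from anyone; add the same condition there, otherwise the restriction is cosmetic.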
@@ -650,11 +786,15 @@
             <table>
               <tr>
                 <td>Your name</td>
-                <td><input type="text" name="username"></td>
+                <td><input type="text" name="username"<? if ($is_user)
+                                                           echo ' 
value="'.$user_data["name"].'"'?>>
+                </td>
               </tr>
               <tr>
                 <td>Your email</td>
-                <td><input type="text" name="email"></td>
+                <td><input type="text" name="email"<? if ($is_user)
+                                                        echo ' 
value="'.$user_data["email"].'"' ?>>
+                </td>
               </tr>
               <tr>
                 <td>Demofile</td>
@@ -669,14 +809,27 @@
               </tr>
             </table>
           </form>
+       <? }
+       ?>
         </td>
       </tr>
     </table>      
           
 <?
     print "<p><a href='$PHP_SELF?c=" . urlencode($c) . "'>Back to level 
list</a></p>";
-    if ( !$is_admin )
+    if ( !$is_admin && !$is_user)
+    {
+      $params = "";
+      if (isset( $_GET["c"] ))
+        $params .= 'c='.$_GET["c"].'&';
+      if (isset( $_GET["l"] ))
+        $params .= 'l='.$_GET["l"].'&';
+      if (isset( $_GET["o"] ))
+        $params .= 'o='.$_GET["o"].'&';  
+      if (isset( $_GET["showthumbs"] ))
+        $params .= 'showthumbs='.$_GET["showthumbs"].'&';  
       print "<div align='right'><a href='$PHP_SELF?adminlogin=1'><small>admin 
login</small></a></div>";
+    }  
   }
 }
 
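Review bot: $params is assembled here (the same four lines as near the top of the file) but never used: the link that follows is still $PHP_SELF?adminlogin=1 without it. Either append it, with urlencode() on the values, or drop the dead code.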

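One way out of the password-mailing dilemma the message raises, as an added example that is not part of the patch or of the Pingus project: the server never needs to know the password to let a user recover an account. It mails a random one-time token, stores only a hash of that token with an expiry, and on presentation of the token lets the holder set a new password hash. The example is in Python rather than the tool's PHP so that it runs stand-alone; the in-memory store standing in for .htpasswd and the MySQL table, the PBKDF2-SHA256 hashing, and the one-hour token lifetime are assumptions of the example, not what htpasswd.inc does.

```python
"""Password reset with a hashed one-time token (added example, not LCT code).

Only salted password hashes and token hashes are ever stored, so a copy of
the store cannot be turned into passwords or into usable reset tokens.
"""
import hashlib
import hmac
import os
import secrets
import time
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 200_000   # assumed work factor
TOKEN_TTL_SECONDS = 3600      # assumed lifetime of a reset token


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$digest_hex' with a fresh random 16-byte salt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash under the stored salt; compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def _token_hash(token: str) -> str:
    # The token carries 256 bits of entropy, so unsalted SHA-256 suffices:
    # its only job is to make a stolen copy of the table useless for resets.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class UserStore:
    """Stands in for .htpasswd (email -> password hash) plus a reset table."""

    def __init__(self) -> None:
        self.passwords: Dict[str, str] = {}
        # email -> (sha256(token), expiry as unix time)
        self.reset_tokens: Dict[str, Tuple[str, float]] = {}

    def signup(self, email: str, password: str) -> None:
        email = email.lower()   # login names are case-folded, as in the patch
        if email in self.passwords:
            raise ValueError("this e-mail address already has an account")
        self.passwords[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        stored = self.passwords.get(email.lower())
        return stored is not None and verify_password(password, stored)

    def request_reset(self, email: str, now: Optional[float] = None) -> Optional[str]:
        """Create a one-time token and return it for mailing to the address.

        Returns None for unknown addresses; the caller should show the same
        "check your mail" page either way so the form does not reveal which
        addresses are registered. The plaintext token exists only in the mail.
        """
        email = email.lower()
        if email not in self.passwords:
            return None
        token = secrets.token_urlsafe(32)            # from the OS CSPRNG
        expiry = (time.time() if now is None else now) + TOKEN_TTL_SECONDS
        self.reset_tokens[email] = (_token_hash(token), expiry)
        return token

    def complete_reset(self, email: str, token: str, new_password: str,
                       now: Optional[float] = None) -> bool:
        """Consume the token and store the new password hash; False on any failure."""
        email = email.lower()
        entry = self.reset_tokens.get(email)
        if entry is None:
            return False
        token_hash, expiry = entry
        if (time.time() if now is None else now) > expiry:
            del self.reset_tokens[email]             # expired: discard
            return False
        if not hmac.compare_digest(_token_hash(token), token_hash):
            return False                             # wrong token: nothing changes
        del self.reset_tokens[email]                 # single use
        self.passwords[email] = hash_password(new_password)
        return True
```

The mail itself would carry a link containing the e-mail address and the token; on the receiving side the only state that has to persist between request and completion is the token hash and its expiry, which is the column the MySQL table would gain instead of a plaintext password.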