Re: LCT Login System
From: Björn Fischer
Subject: Re: LCT Login System
Date: Sat, 24 Apr 2004 20:44:24 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

David Philippi wrote:
> On Fri, 23.04.2004 at 19:44, Björn Fischer wrote:
>> I made a patch for the LCT that implements a simple login system. Since
>> it uses the HTTP Basic authentication method it is not too comfortable, but
>> it works.
>
> It's got a major problem - if you try to log in with wrong data, you
> can't use the LCT afterwards anymore unless you close your browser. I
> don't view this as an acceptable restriction.

Yep, that's right. I corrected this. It now responds over and over with
a WWW-Authenticate header until the user enters the correct password.

> BTW since the demo files/comments made so many problems regarding
> permissions so far, I strongly suggest putting them into the db and
> thereby getting rid of the problem for good.

Maybe I can take care of this next week. But I would first like to have
the login system complete...

Greetings
Björn

Index: Pingus/contrib/level_comment_tool/level-cache.inc
===================================================================
--- Pingus/contrib/level_comment_tool/level-cache.inc (revision 2297)
+++ Pingus/contrib/level_comment_tool/level-cache.inc (working copy)
@@ -39,16 +39,13 @@
$db_tablename = 'lct_cache';
$db_name = 'pingus';
$db_host = 'localhost';
-$db_user = 'pingus';
-$db_pass = 'pingus';
+$db_user = 'root';
+$db_pass = '';
-function create_table( $tablename )
+function create_table( $conn, $db, $tablename, $SQL )
{
- global $db_name;
- global $db_handle;
-
$table_exists = False;
- $res = mysql_list_tables( $db_name );
+ $res = mysql_list_tables( $db );
for ($i=0;$i<mysql_num_rows( $res );$i++)
if (mysql_tablename( $res, $i ) == $tablename)
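Review bot: `$db_user = 'root'` with `$db_pass = ''` replaces the dedicated `pingus` account at the top of this hunk, so the tool would connect as the MySQL administrative user with an empty password; this looks like a local development setting that slipped into the patch. Please drop these two lines from the commit, keep a least-privileged account restricted to the `pingus` database, and ideally move the credentials out of the versioned file.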
@@ -56,12 +53,11 @@
if (!$table_exists)
{
- $SQL = "CREATE TABLE `$tablename` (`Key` VARCHAR( 255 ) NOT NULL ,`Value`
TEXT NOT NULL , PRIMARY KEY ( `Key` ) );";
- $res = mysql_query( $SQL, $db_handle );
- if (!$res)
- return False;
- else
- return $tablename;
+ $res = mysql_query( $SQL, $conn );
+ if (!$res)
+ return False;
+ else
+ return $tablename;
}
else
return $tablename;
@@ -100,21 +96,22 @@
//MySQL is used as cache
case "MySQL":
- $db_handle = mysql_connect( $db_host, $db_user, $db_pass );
- if (!$db_handle)
- {
+ $db_handle = mysql_connect( $db_host, $db_user, $db_pass );
+ if (!$db_handle)
+ {
echo "<p><font color=\"red\"><b>ERROR: Cannot open connection to
database server ($db_host)!</b></font></p>";
exit;
}
if (! mysql_select_db( $db_name, $db_handle ))
- {
+ {
echo "<p><font color=\"red\"><b>ERROR: Cannot select database
'$db_name'!</b></font></p>";
exit;
}
+ $SQL = "CREATE TABLE `$tablename` (`Key` VARCHAR( 255 ) NOT NULL".
+ " ,`Value` TEXT NOT NULL , PRIMARY KEY ( `Key` ) );";
+ $db_tablename = create_table($db_handle, $db_name, $db_tablename,
$SQL);//creates the table if necessary and returns the tablename
- $db_tablename = create_table($db_tablename);//creates the table if
necessary and returns the tablename
-
if (!$db_tablename)
{
echo '<p><font color="red"><b>ERROR: Cannot create cache
table!</b></font></p>';
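Review bot: the `CREATE TABLE` string added in this hunk interpolates `$tablename`, which was the parameter name inside `create_table()` and is not assigned anywhere in the visible lines of this branch; the variable that holds the cache table name here is `$db_tablename`, as the call on the next line shows. With `$tablename` unset the statement expands to an empty table name and the query fails on a fresh database. Use `$db_tablename` in the string, or keep building the statement inside `create_table()` from its `$tablename` argument.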
@@ -352,7 +349,7 @@
"author" => "pingus-level-comment/author",
"email" => "pingus-level-comment/email",
"date" => "pingus-level-comment/date",
- "time" => "pingus-level-comment/time",
+ "time" => "pingus-level-comment/time",
"difficulty" => "pingus-level-comment/difficulty",
"rating" => "pingus-level-comment/rating",
"comment" => "pingus-level-comment/comment",
@@ -366,8 +363,8 @@
$cmt["filename"] = $filename;
// is the time set? (it is not in old comment files)
- if (isset($cmt["time"]))
- $res[$cmt["date"] . '-' . $cmt["time"]] = $cmt;
+ if (isset($cmt["time"]))
+ $res[$cmt["date"] . '-' . $cmt["time"]] = $cmt;
else
$res[$cmt["date"] . '-' . substr(md5(implode("", file($filename))),0,8)]
= $cmt;
}
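Review bot: the `-`/`+` pairs on the `isset($cmt["time"])` lines differ only in whitespace, as do the `"time"` and `"demofile"` array entries in the neighbouring hunks. Please leave these out, or send them as a separate whitespace-only change, so the functional part of the patch is easier to review.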
@@ -401,8 +398,8 @@
"username" => "pingus-demo-metafile/username",
"email" => "pingus-demo-metafile/email",
"date" => "pingus-demo-metafile/date",
- "time" => "pingus-demo-metafile/time",
- "demofile" => "pingus-demo-metafile/demofile",
+ "time" => "pingus-demo-metafile/time",
+ "demofile" => "pingus-demo-metafile/demofile",
"levelmd5" => "pingus-demo-metafile/levelmd5"
));
Index: Pingus/contrib/level_comment_tool/login-system.inc
===================================================================
--- Pingus/contrib/level_comment_tool/login-system.inc (revision 0)
+++ Pingus/contrib/level_comment_tool/login-system.inc (revision 0)
@@ -0,0 +1,277 @@
+<?php
+
+// functions concering user signup and login
+// this file needs a working MySQL database with the correct values
+// set in level-cache.inc!!!
+//
+// Copyright (C) 2004 Björn Fischer <address@hidden>
+//
+// Redistribution and use in source and binary forms, with or without
modification,
+// are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice,
this
+// list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+// * The name of the author may not be used to endorse or promote products
derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY
+// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR
+// BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+global $db_conn;
+global $db_usertablename;
+$db_conn = False;
+$db_usertablename = "lct_users";
+
+// ==================================================================
+// opens database connection
+// ==================================================================
+function open_db()
+{
+ global $db_conn;
+ global $db_name;
+ global $db_host;
+ global $db_user;
+ global $db_pass;
+
+ $db_conn = mysql_connect( $db_host, $db_user, $db_pass );
+ if (!$db_conn)
+ {
+ echo "<p><font color=\"red\"><b>ERROR: Cannot open connection to database
server ($db_host)!</b></font></p>";
+ exit;
+ }
+
+ if (! mysql_select_db( $db_name, $db_conn ))
+ {
+ echo "<p><font color=\"red\"><b>ERROR: Cannot select database
'$db_name'!</b></font></p>";
+ exit;
+ }
+}
+
+// ==================================================================
+// closes database connection
+// ==================================================================
+function close_db()
+{
+ global $db_conn;
+
+ if ($db_conn !== False)
+ {
+ mysql_close($db_conn);
+ $db_conn = False;
+ }
+}
+
+// ==================================================================
+// saves the dataset of a user
+// ==================================================================
+function save_user_data( $name, $email, $com_mailer )
+{
+ global $db_conn;
+ global $db_usertablename;
+
+ if ($com_mailer == "on")
+ $com_mailer = 1;
+ else
+ $com_mailer = 0;
+
+ $SQL = "INSERT INTO $db_usertablename (`Name`,`eMail`,`commentmailer`)".
+ " VALUES ('$name','$email',$com_mailer)";
+ if (!mysql_query( $SQL, $db_conn ))
+ {
+ echo '<p><font color="red"><b>ERROR: Cannot save user
data!</b></font></p>';
+ return False;
+ }
+ else
+ return True;
+}
+
+// ==================================================================
+// loads user data from database
+// ==================================================================
+function get_user_data( $u_email )
+{
+ global $db_conn;
+ global $db_usertablename;
+ $ret = Array();
+
+ open_db();
+
+ $SQL = "SELECT * FROM $db_usertablename WHERE eMail='$u_email'";
+ $succ = mysql_query( $SQL, $db_conn );
+ if (!$succ)
+ {
+ echo "<p><font color='red'><b>ERROR: Cannot find data for user
$u_email!</b></font></p>";
+ exit;
+ }
+
+ list( ,$name,$email,$com_mailer ) = mysql_fetch_row( $succ );
+ $ret["name"] = htmlentities($name);
+ $ret["email"] = htmlentities($email);
+ $ret["com_mailer"] = htmlentities($com_mailer);
+
+ close_db();
+
+ return $ret;
+}
+
+// ==================================================================
+// Show a signup form
+// ==================================================================
+function show_signup_form()
+{
+ $params = "?";
+ if (isset( $_GET["c"] ))
+ $params .= 'c='.$_GET["c"].'&';
+ if (isset( $_GET["l"] ))
+ $params .= 'l='.$_GET["l"].'&';
+ if (isset( $_GET["o"] ))
+ $params .= 'o='.$_GET["o"].'&';
+ if (isset( $_GET["showthumbs"] ))
+ $params .= 'showthumbs='.$_GET["showthumbs"].'&';
+
+ echo '<script language = "JavaScript">'."\n".
+ '<!--'."\n".
+ 'function TestError()'."\n".
+ '{'."\n".
+ ' var f = document.Signup;'."\n".
+ ' var errors = "";'."\n".
+ ' var i;'."\n".
+ ' var IsError = false;'."\n\n".
+ ' if ((f.elements["username"].value == "") ||
(f.elements["username"].value == null))'."\n".
+ ' {'."\n".
+ ' errors += "Please enter your Name!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if ((f.elements["email"].value == "") || (f.elements["email"].value
== null))'."\n".
+ ' {'."\n".
+ ' errors += "Please enter your email adress!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if ((f.elements["pass"].value == "") || (f.elements["pass"].value ==
null))'."\n".
+ ' {'."\n".
+ ' errors += "Please choose a password!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if ((f.elements["pass2"].value == "") || (f.elements["pass2"].value
== null))'."\n".
+ ' {'."\n".
+ ' errors += "Please retype your password!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' }'."\n\n".
+ ' if (f.elements["pass"].value != f.elements["pass2"].value)'."\n".
+ ' {'."\n".
+ ' errors += "The passwords do not match, please retype
them!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' }'."\n\n".
+ ' if ((f.elements["email"].value.indexOf("@") == -1) ||
(f.elements["email"].value.length < 3))'."\n".
+ ' {'."\n".
+ ' errors += "Please enter a valid email adress!\n";'."\n".
+ ' IsError = true;'."\n".
+ ' } '."\n\n".
+ ' if (IsError==true)'."\n".
+ ' {'."\n".
+ ' alert(errors);'."\n".
+ ' return false;'."\n".
+ ' } '."\n".
+ ' return true;'."\n".
+ '}'."\n".
+ '--></script>'."\n\n";
+
+ echo "<H2>Pingus level comment database - user signup</H2>".
+ "Please keep the following in mind:".
+ "<UL><LI>enter your real name and a valid eMail adress</LI>".
+ "<LI>please remember your password since there is no possibility to
mail it to you yet</LI>".
+ "<LI>after signup your login name is the entered mail adress<LI>".
+ "</UL>By activating the checkbox you can".
+ " activate the comment mailer, that means you will receive comments
about your own levels".
+ " by eMail (this is only important for level designers).<br><br>\n";
+
+ echo '<form enctype="multipart/form-data" name="Signup"
action="'.$PHP_SELF.$params.'" method="POST" onSubmit="return
TestError()">'."\n".
+ '<input type="hidden" name="usersignedup" value="1">'."\n".
+ '<table>'."\n".
+ ' <tr>'."\n".
+ ' <td>Your name</td>'."\n".
+ ' <td><input type="text" name="username"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Your email</td>'."\n".
+ ' <td><input type="text" name="email"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Comment mailer</td>'."\n".
+ ' <td><input type="checkbox" name="commentmailer"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Pick a password</td>'."\n".
+ ' <td><input type="password" name="pass"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td>Retype password</td>'."\n".
+ ' <td><input type="password" name="pass2"></td>'."\n".
+ ' </tr>'."\n".
+ ' <tr>'."\n".
+ ' <td colspan="2"><input type="submit" value="signup now"></td>'."\n".
+ ' </tr>'."\n".
+ '</table>'."\n".
+ '</form>'."\n";
+}
+
+// ==================================================================
+// Save singed up user data (uses $db_* variables from level-cache.inc)
+// ==================================================================
+function signup_user()
+{
+ global $DBMS;
+ global $db_usertablename;
+ global $db_conn;
+ global $db_name;
+
+ if (!isset( $_POST["usersignedup"] ))
+ exit;
+
+ if ($DBMS != "MySQL")
+ {
+ echo "MySQL support necessary. Signup not possible!!!";
+ exit;
+ }
+
+ $u_name = $_POST["username"];
+ $u_email = strtolower($_POST["email"]);
+ $u_com_mailer = $_POST["commentmailer"];
+ $u_pass = $_POST["pass"];
+
+ // look if user is already there
+ $pass_arr = load_htpasswd();
+ while (list($u, $p) = each($pass_arr))
+ {
+ if ($u_email == $u)
+ {
+ echo '<p><font color="red"><b>ERROR: This mailadress already has a user
account!</b></font></p>';
+ return False;
+ }
+ }
+ $pass_arr[$u_email] = rand_salt_crypt($u_pass);
+ save_htpasswd( $pass_arr );
+
+ open_db();
+ $SQL = "CREATE TABLE `$db_usertablename` (`ID` INT NOT NULL AUTO_INCREMENT
,`Name` VARCHAR( 100 ) NOT NULL ,".
+ "`eMail` VARCHAR( 100 ) NOT NULL ,`commentmailer` TINYINT( 1 ) NOT
NULL ,PRIMARY KEY ( `ID` ) ,".
+ "UNIQUE (`eMail`));";
+ $db_usertablename = create_table( $db_conn, $db_name, $db_usertablename,
$SQL );
+ save_user_data( $u_name, $u_email, $u_com_mailer );
+ close_db();
+ echo '<p><font color="green"><b>Your data has been saved. You can now login
via the link on the right.<br>'.
+ 'Please remember that your eMail adress is used as login
name<br></b></font></p>';
+}
+
+
+?>
\ No newline at end of file
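Review bot: `save_user_data()` and `get_user_data()` place `$name`, `$email` and `$u_email` directly inside the SQL string, and `signup_user()` passes them straight from `$_POST` (index.php also calls `get_user_data()` with `$_SERVER['PHP_AUTH_USER']`), so a quote character in the input changes the statement. Escape each value with `mysql_real_escape_string()` on the open connection before building the query. Further points in this file: the signup checks (non-empty fields, matching `pass`/`pass2`, email format) exist only in the client-side `TestError()` script and need to be repeated in `signup_user()`; `show_signup_form()` writes `$_GET["c"]`, `l`, `o` and `showthumbs` into the form `action` without `urlencode()` or `htmlentities()`; and the htpasswd entry is saved before the table insert while the return value of `save_user_data()` is ignored, so a failed insert still prints the success message and leaves an account without a user row.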
Index: Pingus/contrib/level_comment_tool/index.php
===================================================================
--- Pingus/contrib/level_comment_tool/index.php (revision 2297)
+++ Pingus/contrib/level_comment_tool/index.php (working copy)
@@ -27,16 +27,24 @@
require_once("level-cache.inc");
require_once("mail-settings.inc");
require_once("htpasswd.inc");
+require_once("login-system.inc");
// ==================================================================
-// Admin login.
+// User/Admin login or signup new user
// ==================================================================
-
$htpasswd = load_htpasswd();
$is_admin = False;
-if ( isset($_SERVER['PHP_AUTH_PW']))
- $is_admin = test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] );
-
+$is_user = False;
+$user_data = Array();
+if ( isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['PHP_AUTH_USER']))
+ if ($_SERVER['PHP_AUTH_USER'] == "admin")
+ $is_admin = test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] );
+ else
+ {
+ $is_user = test_htpasswd( $htpasswd,
strtolower($_SERVER['PHP_AUTH_USER']), $_SERVER['PHP_AUTH_PW'] );
+ $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] );
+ }
+
if ( isset($_GET["adminlogin"]))
{
if (!isset($_SERVER['PHP_AUTH_USER']))
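Review bot: in the new `else` branch, `get_user_data( $_SERVER['PHP_AUTH_USER'] )` runs whether or not `test_htpasswd()` succeeded, so a request with a wrong password still triggers a database lookup on the supplied name and fills `$user_data`. Call it only when `$is_user` is true, and pass the same `strtolower()`ed value that was checked against the htpasswd file. The outer `if` has an unbraced `if`/`else` as its body; braces would make the nesting explicit.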
@@ -49,10 +57,11 @@
else
{
if ( !isset($_SERVER['PHP_AUTH_PW']) ||
- !test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ))
+ !test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ))
{
+ header('WWW-Authenticate: Basic realm="Pingus Comment Tool Admin"');
header('HTTP/1.0 401 Unauthorized');
- echo 'Wrong password. Hit Back.';
+ echo 'Cancelled. Hit Back.';
exit;
}
else
@@ -60,6 +69,34 @@
}
}
+if ( isset($_GET["userlogin"]))
+{
+ if (!isset($_SERVER['PHP_AUTH_USER']))
+ {
+ header('WWW-Authenticate: Basic realm="Pingus Comment Tool User"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Cancelled. Hit Back.';
+ exit;
+ }
+ else
+ {
+ if ( !isset($_SERVER['PHP_AUTH_PW']) ||
+ !test_htpasswd( $htpasswd, strtolower($_SERVER['PHP_AUTH_USER']),
$_SERVER['PHP_AUTH_PW'] ))
+ {
+ header('WWW-Authenticate: Basic realm="Pingus Comment Tool User"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Cancelled. Hit Back.';
+ exit;
+ }
+ else
+ {
+ $is_user = True;
+ $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] );
+ }
+ }
+}
+
+
// ==================================================================
// Thumbnail magick with cookies etc.
// ==================================================================
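Review bot: the success branch of the `userlogin` block looks up the user with the raw `$_SERVER['PHP_AUTH_USER']` while the password test just above uses the `strtolower()`ed name, and the two branches that send the 401 challenge are line-for-line identical. Compute the lowercased login name once and use it for both `test_htpasswd()` and `get_user_data()`, and fold the missing-user and wrong-password cases into a single condition so the challenge is written in one place.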
@@ -83,15 +120,67 @@
<body>
<h1>Pingus level comment database</h1>
+
+ <? if (!$is_user && !$is_admin)
+ {
+ $params = "";
+ if (isset( $_GET["c"] ))
+ $params .= 'c='.$_GET["c"].'&';
+ if (isset( $_GET["l"] ))
+ $params .= 'l='.$_GET["l"].'&';
+ if (isset( $_GET["o"] ))
+ $params .= 'o='.$_GET["o"].'&';
+ if (isset( $_GET["showthumbs"] ))
+ $params .= 'showthumbs='.$_GET["showthumbs"].'&';
+ ?>
+ <div align="right">
+ <table border="0" align="right" cellspacing="10">
+ <tr>
+ <td>
+ <a href="<? echo "$PHP_SELF?$params"."userlogin=1" ?>">Login</a>
+ </td>
+ <td>
+ <a href="<? echo "$PHP_SELF?$params"."signup=1" ?>">Signup</a>
+ </td>
+ </tr>
+ </table>
+ </div>
+ <? }
+ else
+ {
+ ?>
+ <div align="right">
+ <table border="0" align="right" cellspacing="10">
+ <tr>
+ <td>
+ <? echo $user_data["name"] ?> is logged in
+ </td>
+ </tr>
+ </table>
+ </div>
+ <?
+ }
+ ?>
<div class="mainbody">
<?
+// ==================================================================
+// Signup for new user
+// ==================================================================
+if (isset( $_GET["signup"] ))
+{
+ show_signup_form();
+ exit;
+}
+if (isset( $_POST["usersignedup"] ))
+{
+ signup_user();
+}
-$preferred_order = Array( 'tutorial', 'playable', 'volcano', 'wip', 'test' );
-
// ==================================================================
// Read cathegory and level names from filesystem
// ==================================================================
+$preferred_order = Array( 'tutorial', 'playable', 'volcano', 'wip', 'test' );
$cathegories = Array();
$dir = dir("data/levels");
while ($file = $dir->read())
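Review bot: `$params` is assembled from `$_GET["c"]`, `$_GET["l"]`, `$_GET["o"]` and `$_GET["showthumbs"]` and echoed into the Login and Signup `href` attributes unchanged, so markup in a query parameter is reflected into the page. Apply `urlencode()` to each value when building `$params` and `htmlentities()` when printing the link, as the `[del]` links elsewhere in this file already do for `$c` and `$l`. Separately, the `exit` after `show_signup_form()` ends the response inside `<div class="mainbody">` without closing the page, and the "is logged in" cell prints an empty name for the admin because `$user_data` is only filled for normal users.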
@@ -129,8 +218,7 @@
$showCath = '&c=' . $_GET["c"];
if ( $show_thumbs )
- print "<a href='$PHP_SELF?showthumbs=0$showCath'>[hide
thumbnails]</a></br>";
-
+ print "<a href='$PHP_SELF?showthumbs=0$showCath'>[hide
thumbnails]</a></br>";
else
print "<a href='$PHP_SELF?showthumbs=1$showCath'>[show
thumbnails]</a></br>";
@@ -327,10 +415,12 @@
if ( !is_dir("comments/$c/$l"))
{
- mkdir("comments/$c",0777);
- mkdir("comments/$c/$l",0777);
- chmod("comments/$c",0777);
- chmod("comments/$c/$l",0777);
+ @mkdir("comments/$c",0775);
+ @mkdir("comments/$c/$l",0775);
+ chmod("comments/$c",0775);
+ chgrp("comments/$c","pingus");
+ chmod("comments/$c/$l",0775);
+ chgrp("comments/$c/$l","pingus");
if ( !is_dir("comments/$c/$l"))
{
print ("<strong>ERROR: 'comments/$c/$l/' does not exist and ".
@@ -367,7 +457,8 @@
exit;
}
fclose($fp);
- chmod($filename, 0777);
+ chmod($filename, 0775);
+ chgrp($filename,"pingus");
// Send email-notification
if ( $mail_notify_enabled )
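Review bot: `chmod($filename, 0775)` sets the execute bits on a comment file that is only read and written as data; `0664` gives the same owner and group access without them. The result of `chgrp($filename,"pingus")` is not checked, so when the web server user is not a member of `pingus` the call fails and the file keeps its old group; consider taking the group name from a setting and reporting the failure.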
@@ -404,7 +495,7 @@
// ==================================================================
// Delete comment
// ==================================================================
- if ( $is_admin && isset($_GET["delcomment"]))
+ if ( ($is_admin || $is_user) && isset($_GET["delcomment"]))
{
sandbox_check($_GET["delcomment"], "comments/" );
unlink($_GET["delcomment"]);
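Review bot: widening the condition to `($is_admin || $is_user)` lets every logged-in user delete any comment, because the only test on the target is `sandbox_check()` against `comments/`; the owner comparison added later in this patch only decides whether the `[del]` link is displayed. Before `unlink()`, load the comment named in `delcomment` and require `$is_admin` or a match between its stored email and the logged-in account. Since this path is now open to ordinary users, the deletion would also be safer as a POST form than as a GET link.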
@@ -413,8 +504,32 @@
@rmdir("comments/$c");
print "<p><strong>Deleted '" . htmlentities($_GET["delcomment"]) .
"'</strong></p>";
}
+
+ // ==================================================================
+ // Delete demo file and metafile
+ // ==================================================================
+ if ( ($is_admin || $is_user) && isset($_GET["deldemo"]))
+ {
+ sandbox_check($_GET["deldemo"], "comments/" );
+
+ $demos = parse_level_demos( $c, $l );
+ while( list(,$cmt) = each($demos))
+ {
+ if ($_GET["deldemo"] == $cmt["filename"])
+ {
+ //delete demofile and metafile
+ unlink( "comments/$c/$l/demos/".$cmt["demofile"] );
+ unlink( $_GET["deldemo"] );
+ }
+ }
+ // Also try to remove the directories but don't mind if it fails:
+ @rmdir("comments/$c/$l/demos");
+ @rmdir("comments/$c/$l");
+ @rmdir("comments/$c");
+ print "<p><strong>Deleted '" . htmlentities($_GET["deldemo"]) .
"'</strong></p>";
+ }
- // ==================================================================
+ // ==================================================================
// Save uploaded Demofile
// ==================================================================
if ( $_POST["adddemo"] == 1)
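Review bot: the new `deldemo` branch has the same gap as `delcomment`: any logged-in user can delete any demo, since nothing compares `$cmt["email"]` with `$user_data["email"]` before the two `unlink()` calls. Add that check inside the loop, and run `$cmt["demofile"]` through `basename()` or `sandbox_check()` before the first `unlink()`, because that name is read from the metafile and is not the value that was sandbox-checked. The unchanged `if ( $_POST["adddemo"] == 1)` handler at the end of this hunk is also still reachable without login even though this patch hides the upload form from anonymous visitors; gate it on `$is_user || $is_admin` as well.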
@@ -422,12 +537,16 @@
//create directory if necessary
if ( !is_dir("comments/$c/$l/demos"))
{
- mkdir("comments/$c", 0777);
- mkdir("comments/$c/$l", 0777);
- mkdir("comments/$c/$l/demos", 0777);
- chmod("comments/$c",0777);
- chmod("comments/$c/$l",0777);
- chmod("comments/$c/$l/demos",0777);
+ @mkdir("comments/$c", 0777);
+ @mkdir("comments/$c/$l", 0777);
+ @mkdir("comments/$c/$l/demos", 0777);
+ chmod("comments/$c",0775);
+ chgrp("comments/$c","pingus");
+ chmod("comments/$c/$l",0775);
+ chgrp("comments/$c/$l","pingus");
+ chmod("comments/$c/$l/demos",0775);
+ chgrp("comments/$c/$l/demos","pingus");
+
if ( !is_dir("comments/$c/$l/demos"))
{
print ("<strong>ERROR: 'comments/$c/$l/demos' does not exist and ".
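Review bot: the three `@mkdir()` calls still create the directories with `0777` and rely on the following `chmod()` to tighten them, whereas the comment-directory hunk above already passes `0775` to `mkdir()`. Use `0775` here too, so the directories are not left world-writable if a `chmod()` fails.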
@@ -443,7 +562,8 @@
{
if (move_uploaded_file($_FILES['demofile']['tmp_name'], $uploaddir.
'/' . $_FILES['demofile']['name']))
{
- chmod( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 0777 );
+ chmod( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 0775 );
+ chgrp( "comments/$c/$l/demos/" . $_FILES['demofile']['name'],
"pingus" );
print("<strong>File uploaded successfully</strong><hr/>");
$str = '<' . '?xml version="1.0" encoding="ISO-8859-1"?' . ">\n" .
"<pingus-demo-metafile>\n".
@@ -470,7 +590,8 @@
exit;
}
fclose($fp);
- chmod($filename, 0777);
+ chmod($filename, 0775);
+ chgrp($filename, "pingus");
}
}
else
@@ -510,7 +631,7 @@
$rating = intval($cmt["rating"]);
$leveldata["avgrating"] += $rating;
- if ( $is_admin )
+ if ( $is_admin || ($is_user && $user_data["email"] == $cmt["email"]) )
$del_link = " <a href='$PHP_SELF?c=" . htmlentities($c) .
"&l=" . htmlentities($l) . "&delcomment=" .
htmlentities($cmt["filename"]) . "'>[del]</a>\n";
$str =
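Review bot: the ownership test `$user_data["email"] == $cmt["email"]` compares a value that `get_user_data()` has already passed through `htmlentities()` with the raw string from the comment file, and the comment's email comes from a text field that this patch only prefills and leaves editable. Compare unencoded values, and when `$is_user` is set write the account's email into the comment on the server side instead of trusting the posted field; otherwise the match says little about who wrote the comment.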
@@ -536,18 +657,21 @@
if ( count($demos) > 0 )
{
$showDemos = True;
-
+ $del_link="";
while( list(,$cmt) = each($demos))
{
$leveldata["totaldemos"]++;
+ if ( $is_admin || ($is_user && $user_data["email"] == $cmt["email"]))
+ $del_link = " - <a href='$PHP_SELF?c=" .
htmlentities($c)."&l=" . htmlentities($l) .
+ "&deldemo=" . htmlentities($cmt["filename"]) .
"'>[del]</a>\n";
$str =
"<p class='message'><strong>From:</strong> " .
htmlentities($cmt["username"]) .
" <" . str_replace("@", "<b><small>PingusNoSpam</small></b>@",
htmlentities($cmt["email"])) .
"><br><strong>Date: </strong> " . htmlentities($cmt["date"]) .
", <strong>Time: </strong> " . htmlentities($cmt["time"]) .
"<br/>\n" .
"<b>Demofile: </b><a href='comments/$c/$l/demos/" . $cmt["demofile"]
. "'>" .
- $cmt["demofile"] . "</a><br/>\n" .
+ $cmt["demofile"] . "</a>$del_link<br/>\n" .
"</p>\n";
if (strtolower($cmt["levelmd5"]) == strtolower($curlevelmd5))
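Review bot: `$del_link=""` is set once before the `while` loop, so after the first demo that matches the logged-in user every following demo in the list also gets a `[del]` link. Move the reset to the top of the loop body. `$cmt["demofile"]` is also printed into the `href` and the link text without `htmlentities()`, unlike the other fields in this block.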
@@ -585,6 +709,17 @@
$levelmd5 = $curlevelmd5;
if ( isset( $_GET["levelmd5"] ))
$levelmd5 = $_GET["levelmd5"];
+
+ if ($is_user)
+ {
+ $input_name = '<input type="text" name="author" value="' .
$user_data["name"] . '">';
+ $input_mail = '<input type="text" name="email" value="' .
$user_data["email"] . '">';
+ }
+ else
+ {
+ $input_name = '<input type="text" name="author">';
+ $input_mail = '<input type="text" name="email">';
+ }
?>
<hr/>
<table width="100%">
@@ -599,11 +734,11 @@
<table>
<tr>
<td>Your name</td>
- <td><input type="text" name="author"></td>
+ <td><? echo ($input_name); ?></td>
</tr>
<tr>
<td>Your email</td>
- <td><input type="text" name="email"></td>
+ <td><? echo ($input_mail); ?></td>
</tr>
<tr>
<td>Difficulty</td>
@@ -641,6 +776,9 @@
</form>
</td>
<td width="50%" valign="top">
+ <? if ($is_user || $is_admin)
+ {
+ ?>
<p><em><strong>Upload a demofile:</strong></em></p>
<form enctype="multipart/form-data" name="UploadDemo" action="<?
echo $PHP_SELF . "?c=" . urlencode($c) . "&l=" . urlencode($l); ?>"
method="POST">
<input type="hidden" name="adddemo" value="1">
@@ -650,11 +788,15 @@
<table>
<tr>
<td>Your name</td>
- <td><input type="text" name="username"></td>
+ <td><input type="text" name="username"<? if ($is_user)
+ echo '
value="'.$user_data["name"].'"'?>>
+ </td>
</tr>
<tr>
<td>Your email</td>
- <td><input type="text" name="email"></td>
+ <td><input type="text" name="email"<? if ($is_user)
+ echo '
value="'.$user_data["email"].'"' ?>>
+ </td>
</tr>
<tr>
<td>Demofile</td>
@@ -669,14 +811,27 @@
</tr>
</table>
</form>
+ <? }
+ ?>
</td>
</tr>
</table>
<?
print "<p><a href='$PHP_SELF?c=" . urlencode($c) . "'>Back to level
list</a></p>";
- if ( !$is_admin )
+ if ( !$is_admin && !$is_user)
+ {
+ $params = "";
+ if (isset( $_GET["c"] ))
+ $params .= 'c='.$_GET["c"].'&';
+ if (isset( $_GET["l"] ))
+ $params .= 'l='.$_GET["l"].'&';
+ if (isset( $_GET["o"] ))
+ $params .= 'o='.$_GET["o"].'&';
+ if (isset( $_GET["showthumbs"] ))
+ $params .= 'showthumbs='.$_GET["showthumbs"].'&';
print "<div align='right'><a href='$PHP_SELF?adminlogin=1'><small>admin
login</small></a></div>";
+ }
}
}
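Review bot: the `$params` string built in the new braces is never used; the link printed right after it is still `$PHP_SELF?adminlogin=1`. Either remove the block or append `$params` to the link, in which case the `$_GET` values need `urlencode()` first.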