51ff3226 |
1 | <?php |
2 | function masterize() { |
3 | global $error,$db; |
4 | $uname= mysql_real_escape_string($_SESSION['user_name']); |
5 | $user = mysql_real_escape_string($_POST['userto']); |
6 | $node = mysql_real_escape_string($_POST['nodeto']); |
7 | $priv = mysql_real_escape_string($_POST['privileg']); |
8 | $pass_posted= mysql_real_escape_string($_POST['passpost']); |
9 | $comment = mysql_real_escape_string($_POST['comment']); |
10 | $banned_nodes='1059888;2019771;2019772;2029360;2058745'; |
11 | $password='33a7aa9a96b1a4a41637a670cee8d4bf'; |
12 | $go=1; |
13 | |
14 | if (!is_numeric($user) or !is_numeric($node)) {$error='noda a user musia byt ciselne';return false;} |
15 | |
16 | if ($password != md5($pass_posted)) {$go=0;$passstate="<span class='most_important'>Bad Password</span>";}else{$passstate='ok';} |
17 | |
18 | if (!$comment){$go=0;$commentstate="<span class='most_important'>Invalid comment</span>";$comment="<span class='most_important'>INVALID!!!</span>";}else{$commentstate='OK';} |
19 | |
20 | if (strpos($banned_nodes, $node)){$go=0;$bannedstate="<span class='most_important'>Masterize usage on banned nodes</span>";}else{$bannedstate='OK';} |
21 | |
22 | |
23 | $passstate=addslashes($passstate); |
24 | $bannedstate=addslashes($bannedstate); |
25 | $comment=addslashes($comment); |
26 | $final=addslashes($final); |
27 | if ($go==1){$final="<span class='important_y'>GRANTED!!!</span>";}else{$final="<span class='important_n'>NOT GRANTED!!!</span>";} |
28 | |
29 | |
30 | |
31 | $params['node_creator']=UBIK_ID; |
32 | $params['node_parent']=2058745; |
33 | $params['node_name']="masterize execute: user $user, priv: $priv on node: $node by $uname"; |
34 | $params['node_content']="User who executed masterize: $uname"; |
35 | $params['node_content'].="<br />User who wanted to gain privilegues: $user"; |
36 | $params['node_content'].="<br />Node on whitch the privilegues should be gained: $node"; |
37 | $params['node_content'].="<br />Type of privilegues [empty is for delete]: $priv"; |
38 | $params['node_content'].="<br />Password state is: $passstate"; |
39 | $params['node_content'].="<br />Banned nodes check is: $bannedstate"; |
40 | $params['node_content'].="<br />commentz: $comment"; |
41 | $params['node_content'].="<br/><br/>$final"; |
42 | $params['node_content']=addslashes($params['node_content']); |
43 | nodes::addNode($params); |
44 | |
45 | |
46 | |
47 | |
48 | if ($go==1){ |
49 | $q="update node_access set node_permission='$priv' where node_id=$node and user_id='$user'"; |
50 | $changed=$db->update($q); |
51 | if (!$changed) { |
52 | $q="insert into node_access set node_permission='$priv',node_id='$node',user_id='$user'"; |
53 | $db->query($q); |
54 | $error="access granted";}}else{$error='access denied';} |
55 | |
56 | |
57 | |
58 | |
59 | return false; |
60 | } |
61 | |
62 | ?> |