| 1 | <?php |
| 2 | function masterize() { |
| 3 | global $error,$db; |
| 4 | $uname= mysql_real_escape_string($_SESSION['user_name']); |
| 5 | $user = mysql_real_escape_string($_POST['userto']); |
| 6 | $node = mysql_real_escape_string($_POST['nodeto']); |
| 7 | $priv = mysql_real_escape_string($_POST['privileg']); |
| 8 | $pass_posted= mysql_real_escape_string($_POST['passpost']); |
| 9 | $comment = mysql_real_escape_string($_POST['comment']); |
| 10 | $banned_nodes='1059888;2019771;2019772;2029360;2058745'; |
| 11 | $password='33a7aa9a96b1a4a41637a670cee8d4bf'; |
| 12 | $go=1; |
| 13 | |
| 14 | if (!is_numeric($user) or !is_numeric($node)) {$error='noda a user musia byt ciselne';return false;} |
| 15 | |
| 16 | if ($password != md5($pass_posted)) {$go=0;$passstate="<span class='most_important'>Bad Password</span>";}else{$passstate='ok';} |
| 17 | |
| 18 | if (!$comment){$go=0;$commentstate="<span class='most_important'>Invalid comment</span>";$comment="<span class='most_important'>INVALID!!!</span>";}else{$commentstate='OK';} |
| 19 | |
| 20 | if (strpos($banned_nodes, $node)){$go=0;$bannedstate="<span class='most_important'>Masterize usage on banned nodes</span>";}else{$bannedstate='OK';} |
| 21 | |
| 22 | |
| 23 | $passstate=addslashes($passstate); |
| 24 | $bannedstate=addslashes($bannedstate); |
| 25 | $comment=addslashes($comment); |
| 26 | $final=addslashes($final); |
| 27 | if ($go==1){$final="<span class='important_y'>GRANTED!!!</span>";}else{$final="<span class='important_n'>NOT GRANTED!!!</span>";} |
| 28 | |
| 29 | |
| 30 | |
| 31 | $params['node_creator']=UBIK_ID; |
| 32 | $params['node_parent']=2058745; |
| 33 | $params['node_name']="masterize execute: user $user, priv: $priv on node: $node by $uname"; |
| 34 | $params['node_content']="User who executed masterize: $uname"; |
| 35 | $params['node_content'].="<br />User who wanted to gain privilegues: $user"; |
| 36 | $params['node_content'].="<br />Node on whitch the privilegues should be gained: $node"; |
| 37 | $params['node_content'].="<br />Type of privilegues [empty is for delete]: $priv"; |
| 38 | $params['node_content'].="<br />Password state is: $passstate"; |
| 39 | $params['node_content'].="<br />Banned nodes check is: $bannedstate"; |
| 40 | $params['node_content'].="<br />commentz: $comment"; |
| 41 | $params['node_content'].="<br/><br/>$final"; |
| 42 | $params['node_content']=addslashes($params['node_content']); |
| 43 | nodes::addNode($params); |
| 44 | |
| 45 | |
| 46 | |
| 47 | |
| 48 | if ($go==1){ |
| 49 | $q="update node_access set node_permission='$priv' where node_id=$node and user_id='$user'"; |
| 50 | $changed=$db->update($q); |
| 51 | if (!$changed) { |
| 52 | $q="insert into node_access set node_permission='$priv',node_id='$node',user_id='$user'"; |
| 53 | $db->query($q); |
| 54 | $error="access granted";}}else{$error='access denied';} |
| 55 | |
| 56 | |
| 57 | |
| 58 | |
| 59 | return false; |
| 60 | } |
| 61 | |
| 62 | ?> |