inc/eventz/masterize.inc

   1 <?php
   2 function masterize() {
   3         global $error,$db;
   4         $uname=  mysql_real_escape_string($_SESSION['user_name']);
   5         $user =  mysql_real_escape_string($_POST['userto']);
   6         $node =  mysql_real_escape_string($_POST['nodeto']);
   7         $priv =  mysql_real_escape_string($_POST['privileg']);
   8         $pass_posted= mysql_real_escape_string($_POST['passpost']);
   9         $comment = mysql_real_escape_string($_POST['comment']);
  10         $banned_nodes='1059888;2019771;2019772;2029360;2058745';
  11         $password='33a7aa9a96b1a4a41637a670cee8d4bf';
  12         $go=1;
  13
  14 if (!is_numeric($user) or !is_numeric($node)) {$error='noda a user musia byt ciselne';return false;}
  15
  16 if ($password != md5($pass_posted)) {$go=0;$passstate="<span class='most_important'>Bad Password</span>";}else{$passstate='ok';}
  17
  18 if (!$comment){$go=0;$commentstate="<span class='most_important'>Invalid comment</span>";$comment="<span class='most_important'>INVALID!!!</span>";}else{$commentstate='OK';}
  19
  20 if (strpos($banned_nodes, $node)){$go=0;$bannedstate="<span class='most_important'>Masterize usage on banned nodes</span>";}else{$bannedstate='OK';}
  21
  22
  23 $passstate=addslashes($passstate);
  24 $bannedstate=addslashes($bannedstate);
  25 $comment=addslashes($comment);
  26 $final=addslashes($final);
  27 if ($go==1){$final="<span class='important_y'>GRANTED!!!</span>";}else{$final="<span class='important_n'>NOT GRANTED!!!</span>";}
  28
  29
  30
  31         $params['node_creator']=UBIK_ID;
  32         $params['node_parent']=2058745;
  33         $params['node_name']="masterize execute: user $user, priv: $priv on node: $node by $uname";
  34         $params['node_content']="User who executed masterize: $uname";
  35         $params['node_content'].="<br />User who wanted to gain privilegues: $user";
  36         $params['node_content'].="<br />Node on whitch the privilegues should be gained: $node";
  37         $params['node_content'].="<br />Type of privilegues [empty is for delete]: $priv";
  38         $params['node_content'].="<br />Password state is: $passstate";
  39         $params['node_content'].="<br />Banned nodes check is: $bannedstate";
  40         $params['node_content'].="<br />commentz: $comment";
  41         $params['node_content'].="<br/><br/>$final";
  42  $params['node_content']=addslashes($params['node_content']);
  43 nodes::addNode($params);
  44
  45
  46
  47
  48 if ($go==1){
  49 $q="update node_access set node_permission='$priv' where node_id=$node and user_id='$user'";
  50 $changed=$db->update($q);
  51 if (!$changed) {
  52 $q="insert into node_access set node_permission='$priv',node_id='$node',user_id='$user'";
  53 $db->query($q);
  54 $error="access granted";}}else{$error='access denied';}
  55
  56
  57
  58
  59 return false;
  60     }
  61
  62 ?>