Commit | Line | Data |
---|---|---|
b42b2bf9 H |
1 | <?php |
2 | function masterize() { | |
3 | global $error,$db; | |
4 | $uname= mysql_real_escape_string($_SESSION['user_name']); | |
5 | $user = mysql_real_escape_string($_POST['userto']); | |
6 | $node = mysql_real_escape_string($_POST['nodeto']); | |
7 | $priv = mysql_real_escape_string($_POST['privileg']); | |
8 | $pass_posted= mysql_real_escape_string($_POST['passpost']); | |
9 | $comment = mysql_real_escape_string($_POST['comment']); | |
10 | $banned_nodes='1059888;2019771;2019772;2029360;2058745'; | |
11 | $password='33a7aa9a96b1a4a41637a670cee8d4bf'; | |
12 | $go=1; | |
13 | ||
14 | if (!is_numeric($user) or !is_numeric($node)) {$error='noda a user musia byt ciselne';return false;} | |
15 | ||
16 | if ($password != md5($pass_posted)) {$go=0;$passstate="<span class='most_important'>Bad Password</span>";}else{$passstate='ok';} | |
17 | ||
18 | if (!$comment){$go=0;$commentstate="<span class='most_important'>Invalid comment</span>";$comment="<span class='most_important'>INVALID!!!</span>";}else{$commentstate='OK';} | |
19 | ||
20 | if (strpos($banned_nodes, $node)){$go=0;$bannedstate="<span class='most_important'>Masterize usage on banned nodes</span>";}else{$bannedstate='OK';} | |
21 | ||
22 | ||
23 | $passstate=addslashes($passstate); | |
24 | $bannedstate=addslashes($bannedstate); | |
25 | $comment=addslashes($comment); | |
26 | $final=addslashes($final); | |
27 | if ($go==1){$final="<span class='important_y'>GRANTED!!!</span>";}else{$final="<span class='important_n'>NOT GRANTED!!!</span>";} | |
28 | ||
29 | ||
30 | ||
31 | $params['node_creator']=UBIK_ID; | |
32 | $params['node_parent']=2058745; | |
33 | $params['node_name']="masterize execute: user $user, priv: $priv on node: $node by $uname"; | |
34 | $params['node_content']="User who executed masterize: $uname"; | |
35 | $params['node_content'].="<br />User who wanted to gain privilegues: $user"; | |
36 | $params['node_content'].="<br />Node on whitch the privilegues should be gained: $node"; | |
37 | $params['node_content'].="<br />Type of privilegues [empty is for delete]: $priv"; | |
38 | $params['node_content'].="<br />Password state is: $passstate"; | |
39 | $params['node_content'].="<br />Banned nodes check is: $bannedstate"; | |
40 | $params['node_content'].="<br />commentz: $comment"; | |
41 | $params['node_content'].="<br/><br/>$final"; | |
42 | $params['node_content']=addslashes($params['node_content']); | |
43 | nodes::addNode($params); | |
44 | ||
45 | ||
46 | ||
47 | ||
48 | if ($go==1){ | |
49 | $q="update node_access set node_permission='$priv' where node_id=$node and user_id='$user'"; | |
50 | $changed=$db->update($q); | |
51 | if (!$changed) { | |
52 | $q="insert into node_access set node_permission='$priv',node_id='$node',user_id='$user'"; | |
53 | $db->query($q); | |
54 | $error="access granted";}}else{$error='access denied';} | |
55 | ||
56 | ||
57 | ||
58 | ||
59 | return false; | |
60 | } | |
61 | ||
62 | ?> |