chore: run formatter tools against PHP code

Run formatting tools against the PHP source code to meet PSR12 standards

The tools used to format the code (for anyone interested in validating
the changes) are:
* [PHP-CS-FIXER](https://github.com/FriendsOfPHP/PHP-CS-Fixer)
* [PHPCS](https://github.com/squizlabs/PHP_CodeSniffer/wiki/Fixing-Errors-Automatically)
Robb Currall 2021-08-05 10:56:41 -04:00
parent e0626c7cac
commit db8b1d49c1
No known key found for this signature in database
GPG Key ID: 12405B4513213DB0
30 changed files with 1438 additions and 1560 deletions


@ -1,21 +1,22 @@
<?php <?php
define ('TILESPATH', 'tiles/');
define('TILESPATH', 'tiles/');
$path = $_SERVER['PATH_INFO']; $path = $_SERVER['PATH_INFO'];
$fname = TILESPATH . $path; $fname = TILESPATH . $path;
if (!file_exists($fname)) { if (!file_exists($fname)) {
$fname = "images/blank.png"; $fname = "images/blank.png";
} }
$fp = fopen($fname, 'rb'); $fp = fopen($fname, 'rb');
if (strstr($path, ".png")) if (strstr($path, ".png")) {
header("Content-Type: image/png"); header("Content-Type: image/png");
else } else {
header("Content-Type: image/jpeg"); header("Content-Type: image/jpeg");
}
header("Content-Length: " . filesize($fname)); header("Content-Length: " . filesize($fname));
fpassthru($fp); fpassthru($fp);
exit; exit;
?>
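Review bot: `$fname = TILESPATH . $path;` builds the file name directly from `$_SERVER['PATH_INFO']`, and nothing before `fopen($fname, 'rb')` confirms the result still lies under `tiles/`, so `..` segments in the request path can select files outside the tile directory. Resolve the path and compare it with the base before opening: `$base = realpath(TILESPATH); $real = realpath($fname);` followed by `if ($real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) { $fname = 'images/blank.png'; }`. The content type is chosen with `strstr($path, ".png")`, which matches `.png` anywhere in the path rather than as the extension, and the return value of `fopen()` is passed to `fpassthru()` unchecked.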


@ -1,8 +1,8 @@
<?php <?php
require_once('MySQL_funcs.php');
require_once 'MySQL_funcs.php';
if ($loginenabled) { if ($loginenabled) {
$rslt = getStandaloneFile('dynmap_access.php'); $rslt = getStandaloneFile('dynmap_access.php');
eval($rslt); eval($rslt);
} }
?>
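Review bot: `eval($rslt)` executes whatever PHP text is stored in the StandaloneFiles row for `dynmap_access.php`, so write access to that table is equivalent to code execution on the web server, and `getStandaloneFile()` picks the row using the `serverid` request parameter. The same pattern appears in the section that loads `dynmap_login.php` and in the PostgreSQL variant of this file. The stored content appears to be plain variable assignments (the callers read `$worldaccess`, `$mapaccess`, `$pwdhash`), so storing it as JSON and reading it with `json_decode` would remove the need for `eval`. At minimum, skip the call when `$rslt` is null and add a comment such as `// SECURITY: executes DB-stored PHP; StandaloneFiles must be writable only by the trusted server process`.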


@ -1,22 +1,22 @@
<?php <?php
ob_start(); ob_start();
require_once('MySQL_funcs.php'); require_once 'MySQL_funcs.php';
include('MySQL_config.php'); require 'MySQL_config.php';
include('MySQL_access.php'); require 'MySQL_access.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$content = getStandaloneFile('dynmap_config.json'); $content = getStandaloneFile('dynmap_config.json');
@ -26,53 +26,45 @@ header('Content-type: application/json; charset=utf-8');
$json = json_decode($content); $json = json_decode($content);
if (!$loginenabled) { if (!$loginenabled) {
echo $content; echo $content;
} } elseif ($json->loginrequired && !$loggedin) {
else if($json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }"; echo "{ \"error\": \"login-required\" }";
} } else {
else { $uid = '[' . strtolower($userid) . ']';
$uid = '[' . strtolower($userid) . ']'; $json->loggedin = $loggedin;
$json->loggedin = $loggedin; $wcnt = count($json->worlds);
$wcnt = count($json->worlds); $newworlds = array();
$newworlds = array(); for ($i = 0; $i < $wcnt; $i++) {
for($i = 0; $i < $wcnt; $i++) { $w = $json->worlds[$i];
$w = $json->worlds[$i]; if ($w->protected) {
if($w->protected) { $ss = stristr($worldaccess[$w->name], $uid);
$ss = stristr($worldaccess[$w->name], $uid); if ($ss !== false) {
if($ss !== false) { $newworlds[] = $w;
$newworlds[] = $w; } else {
} $w = null;
else { }
$w = null; } else {
} $newworlds[] = $w;
} }
else { if ($w != null) {
$newworlds[] = $w; $mcnt = count($w->maps);
} $newmaps = array();
if($w != null) { for ($j = 0; $j < $mcnt; $j++) {
$mcnt = count($w->maps); $m = $w->maps[$j];
$newmaps = array(); if ($m->protected) {
for($j = 0; $j < $mcnt; $j++) { $ss = stristr($mapaccess[$w->name . '.' . $m->prefix], $uid);
$m = $w->maps[$j]; if ($ss !== false) {
if($m->protected) { $newmaps[] = $m;
$ss = stristr($mapaccess[$w->name . '.' . $m->prefix], $uid); }
if($ss !== false) { } else {
$newmaps[] = $m; $newmaps[] = $m;
} }
} }
else { $w->maps = $newmaps;
$newmaps[] = $m; }
} }
} $json->worlds = $newworlds;
$w->maps = $newmaps;
}
}
$json->worlds = $newworlds;
echo json_encode($json); echo json_encode($json);
} }
cleanupDb(); cleanupDb();
?>
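Review bot: In the protected branches of the second hunk, `$worldaccess[$w->name]` and `$mapaccess[$w->name . '.' . $m->prefix]` are read without an `isset` check, unlike the tile handler further down this page, which guards the same lookups. A protected world or map with no ACL entry then raises an undefined-index notice and passes null to `stristr` (deprecated since PHP 8.1); access is still denied, but only as a side effect. Make the fail-closed default explicit with `$acl = $worldaccess[$w->name] ?? '';` before the `stristr` call, and do the same for maps. The PostgreSQL copy of this file has the same lines.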


@ -1,115 +1,121 @@
<?php <?php
function cleanupDb() { function cleanupDb()
if (isset($db)) { {
$db->close(); if (isset($db)) {
$db = NULL; $db->close();
} $db = null;
}
} }
function abortDb($errormsg) { function abortDb($errormsg)
header('HTTP/1.0 500 Error'); {
echo "<h1>500 Error</h1>"; header('HTTP/1.0 500 Error');
echo $errormsg; echo "<h1>500 Error</h1>";
cleanupDb(); echo $errormsg;
exit; cleanupDb();
exit;
} }
function initDbIfNeeded() { function initDbIfNeeded()
global $db, $dbhost, $dbuserid, $dbpassword, $dbname, $dbport; {
global $db, $dbhost, $dbuserid, $dbpassword, $dbname, $dbport;
$pos = strpos($dbname, '?'); $pos = strpos($dbname, '?');
if ($pos) { if ($pos) {
$dbname = substr($dbname, 0, $pos); $dbname = substr($dbname, 0, $pos);
} }
if (!$db) { if (!$db) {
$db = mysqli_connect('p:' . $dbhost, $dbuserid, $dbpassword, $dbname, $dbport); $db = mysqli_connect('p:' . $dbhost, $dbuserid, $dbpassword, $dbname, $dbport);
if (mysqli_connect_errno()) { if (mysqli_connect_errno()) {
abortDb("Error opening database"); abortDb("Error opening database");
} }
} }
} }
function getStandaloneFileByServerId($fname, $sid) { function getStandaloneFileByServerId($fname, $sid)
global $db, $dbprefix; {
global $db, $dbprefix;
initDbIfNeeded(); initDbIfNeeded();
$stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'StandaloneFiles WHERE FileName=? AND ServerID=?'); $stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'StandaloneFiles WHERE FileName=? AND ServerID=?');
$stmt->bind_param('si', $fname, $sid); $stmt->bind_param('si', $fname, $sid);
$res = $stmt->execute(); $res = $stmt->execute();
$stmt->store_result(); $stmt->store_result();
$stmt->bind_result($content); $stmt->bind_result($content);
if ($stmt->fetch()) { if ($stmt->fetch()) {
$rslt = $content; $rslt = $content;
} } else {
else { $rslt = null;
$rslt = NULL; }
} $stmt->close();
$stmt->close(); return $rslt;
return $rslt;
} }
function getStandaloneFile($fname) { function getStandaloneFile($fname)
global $serverid; {
global $serverid;
if (!isset($serverid)) { if (!isset($serverid)) {
$serverid = 0; $serverid = 0;
if(isset($_REQUEST['serverid'])) { if (isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid']; $serverid = $_REQUEST['serverid'];
} }
} }
return getStandaloneFileByServerId($fname, $serverid); return getStandaloneFileByServerId($fname, $serverid);
} }
function updateStandaloneFileByServerId($fname, $sid, $content) { function updateStandaloneFileByServerId($fname, $sid, $content)
global $db, $dbprefix; {
global $db, $dbprefix;
initDbIfNeeded(); initDbIfNeeded();
$stmt = $db->prepare('UPDATE ' . $dbprefix . 'StandaloneFiles SET Content=? WHERE FileName=? AND ServerID=?'); $stmt = $db->prepare('UPDATE ' . $dbprefix . 'StandaloneFiles SET Content=? WHERE FileName=? AND ServerID=?');
$stmt->bind_param('ssi', $content, $fname, $sid); $stmt->bind_param('ssi', $content, $fname, $sid);
$res = $stmt->execute(); $res = $stmt->execute();
$stmt->close(); $stmt->close();
if (!$res) { if (!$res) {
$res = insertStandaloneFileByServerId($fname, $sid, $content); $res = insertStandaloneFileByServerId($fname, $sid, $content);
} }
return $res; return $res;
} }
function updateStandaloneFile($fname, $content) { function updateStandaloneFile($fname, $content)
global $serverid; {
global $serverid;
if (!isset($serverid)) { if (!isset($serverid)) {
$serverid = 0; $serverid = 0;
if(isset($_REQUEST['serverid'])) { if (isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid']; $serverid = $_REQUEST['serverid'];
} }
} }
return updateStandaloneFileByServerId($fname, $serverid, $content); return updateStandaloneFileByServerId($fname, $serverid, $content);
} }
function insertStandaloneFileByServerId($fname, $sid, $content) { function insertStandaloneFileByServerId($fname, $sid, $content)
global $db, $dbprefix; {
global $db, $dbprefix;
initDbIfNeeded(); initDbIfNeeded();
$stmt = $db->prepare('INSERT INTO ' . $dbprefix . 'StandaloneFiles (Content,FileName,ServerID) VALUES (?,?,?);'); $stmt = $db->prepare('INSERT INTO ' . $dbprefix . 'StandaloneFiles (Content,FileName,ServerID) VALUES (?,?,?);');
$stmt->bind_param('ssi', $content, $fname, $sid); $stmt->bind_param('ssi', $content, $fname, $sid);
$res = $stmt->execute(); $res = $stmt->execute();
$stmt->close(); $stmt->close();
return $res; return $res;
} }
function insertStandaloneFile($fname, $content) { function insertStandaloneFile($fname, $content)
global $serverid; {
global $serverid;
if (!isset($serverid)) { if (!isset($serverid)) {
$serverid = 0; $serverid = 0;
if(isset($_REQUEST['serverid'])) { if (isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid']; $serverid = $_REQUEST['serverid'];
} }
} }
return insertStandaloneFileByServerId($fname, $serverid, $content); return insertStandaloneFileByServerId($fname, $serverid, $content);
} }
?>
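Review bot: `cleanupDb()` tests `isset($db)` but never declares `global $db;`, so inside the function `$db` is an unset local and the `close()` branch is unreachable; every `cleanupDb()` call on this page is a no-op. Add `global $db;` as the first statement, as `initDbIfNeeded()` already does. Separately, `updateStandaloneFileByServerId()` falls back to the insert only when `execute()` returns false, but an UPDATE that matches no row still succeeds, so a missing row is never created on that path. Checking `$stmt->affected_rows` before `$stmt->close()` would cover it, bearing in mind that MySQL also reports 0 when the content is unchanged.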


@ -1,8 +1,8 @@
<?php <?php
require_once('MySQL_funcs.php');
require_once 'MySQL_funcs.php';
if ($loginenabled) { if ($loginenabled) {
$rslt = getStandaloneFile("dynmap_login.php"); $rslt = getStandaloneFile("dynmap_login.php");
eval($rslt); eval($rslt);
} }
?>


@ -1,75 +1,69 @@
<?php <?php
ob_start(); ob_start();
require_once('MySQL_funcs.php'); require_once 'MySQL_funcs.php';
include('MySQL_config.php'); require 'MySQL_config.php';
include('MySQL_getlogin.php'); require 'MySQL_getlogin.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_POST['j_username'])) { if (isset($_POST['j_username'])) {
$userid = $_POST['j_username']; $userid = $_POST['j_username'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$good = false; $good = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
if(isset($_POST['j_password'])) { if (isset($_POST['j_password'])) {
$password = $_POST['j_password']; $password = $_POST['j_password'];
} } else {
else { $password = '';
$password = ''; }
} $ctx = hash_init('sha256');
$ctx = hash_init('sha256'); hash_update($ctx, $pwdsalt);
hash_update($ctx, $pwdsalt); hash_update($ctx, $password);
hash_update($ctx, $password); $hash = hash_final($ctx);
$hash = hash_final($ctx); $useridlc = strtolower($userid);
$useridlc = strtolower($userid); if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) {
if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) { $_SESSION['userid'] = $userid;
$_SESSION['userid'] = $userid; $good = true;
$good = true; } else {
} $_SESSION['userid'] = '-guest-';
else { }
$_SESSION['userid'] = '-guest-'; } else {
} $_SESSION['userid'] = '-guest-';
} $good = true;
else {
$_SESSION['userid'] = '-guest-';
$good = true;
} }
$content = getStandaloneFile('dynmap_reg.php'); $content = getStandaloneFile('dynmap_reg.php');
/* Prune pending registrations, if needed */ /* Prune pending registrations, if needed */
$lines = explode('\n', $content); $lines = explode('\n', $content);
$newlines[] = array(); $newlines[] = array();
if(!empty($lines)) { if (!empty($lines)) {
$cnt = count($lines) - 1; $cnt = count($lines) - 1;
$changed = false; $changed = false;
for($i=1; $i < $cnt; $i++) { for ($i = 1; $i < $cnt; $i++) {
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i])); list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
if($uid == $useridlc) continue; if ($uid == $useridlc) {
if(array_key_exists($uid, $pendingreg)) { continue;
$newlines[] = $uid . '=' . $pc . '=' . $hsh; }
} if (array_key_exists($uid, $pendingreg)) {
else { $newlines[] = $uid . '=' . $pc . '=' . $hsh;
$changed = true; } else {
} $changed = true;
} }
if($changed) { }
if ($changed) {
updateStandaloneFile('dynmap_reg.php', implode("\n", $newlines)); updateStandaloneFile('dynmap_reg.php', implode("\n", $newlines));
} }
} }
if($good) { if ($good) {
echo "{ \"result\": \"success\" }"; echo "{ \"result\": \"success\" }";
} } else {
else { echo "{ \"result\": \"loginfailed\" }";
echo "{ \"result\": \"loginfailed\" }";
} }
cleanupDb(); cleanupDb();
?>
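Review bot: The credential check `strcasecmp($hash, $pwdhash[$useridlc]) == 0` compares a single salted SHA-256 digest with a non-constant-time function, and a successful login writes `$_SESSION['userid']` without rotating the session id. Use `hash_equals($pwdhash[$useridlc] ?? '', $hash)` (normalising case first if stored hashes may be upper-case) and call `session_regenerate_id(true);` before setting `$_SESSION['userid']`. `$_POST['j_username']` and `$_POST['j_password']` should be checked with `is_string()` before they reach `strcmp` and `hash_update`. Moving to `password_hash`/`password_verify` would need a coordinated change wherever `$pwdhash` is generated, which is not visible on this page.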


@ -1,22 +1,22 @@
<?php <?php
ob_start(); ob_start();
require_once('MySQL_funcs.php'); require_once 'MySQL_funcs.php';
include('MySQL_config.php'); require 'MySQL_config.php';
include('MySQL_access.php'); require 'MySQL_access.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$path = $_REQUEST['marker']; $path = $_REQUEST['marker'];
@ -29,7 +29,7 @@ if ((!isset($path)) || strstr($path, "..")) {
$parts = explode("/", $path); $parts = explode("/", $path);
if(($parts[0] != "faces") && ($parts[0] != "_markers_")) { if (($parts[0] != "faces") && ($parts[0] != "_markers_")) {
header('HTTP/1.0 500 Error'); header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>"; echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path; echo "Bad marker: " . $path;
@ -39,70 +39,62 @@ if(($parts[0] != "faces") && ($parts[0] != "_markers_")) {
initDbIfNeeded(); initDbIfNeeded();
if ($parts[0] == "faces") { if ($parts[0] == "faces") {
if (count($parts) != 3) { if (count($parts) != 3) {
header('HTTP/1.0 500 Error'); header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>"; echo "<h1>500 Error</h1>";
echo "Bad face: " . $path; echo "Bad face: " . $path;
cleanupDb(); cleanupDb();
exit(); exit();
} }
$ft = 0; $ft = 0;
if ($parts[1] == "8x8") { if ($parts[1] == "8x8") {
$ft = 0; $ft = 0;
} } elseif ($parts[1] == '16x16') {
else if ($parts[1] == '16x16') { $ft = 1;
$ft = 1; } elseif ($parts[1] == '32x32') {
} $ft = 2;
else if ($parts[1] == '32x32') { } elseif ($parts[1] == 'body') {
$ft = 2; $ft = 3;
} }
else if ($parts[1] == 'body') { $pn = explode(".", $parts[2]);
$ft = 3; $stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'Faces WHERE PlayerName=? AND TypeID=?');
} $stmt->bind_param('si', $pn[0], $ft);
$pn = explode(".", $parts[2]); $res = $stmt->execute();
$stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'Faces WHERE PlayerName=? AND TypeID=?'); $stmt->bind_result($timage);
$stmt->bind_param('si', $pn[0], $ft); if ($stmt->fetch()) {
$res = $stmt->execute(); header('Content-Type: image/png');
$stmt->bind_result($timage); echo $timage;
if ($stmt->fetch()) { } else {
header('Content-Type: image/png'); header('Location: ../images/blank.png');
echo $timage; }
} } else { // _markers_
else { $in = explode(".", $parts[1]);
header('Location: ../images/blank.png'); $name = implode(".", array_slice($in, 0, count($in) - 1));
} $ext = $in[count($in) - 1];
} if (($ext == "json") && (strpos($name, "marker_") == 0)) {
else { // _markers_ $world = substr($name, 7);
$in = explode(".", $parts[1]); $stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'MarkerFiles WHERE FileName=?');
$name = implode(".", array_slice($in, 0, count($in) - 1)); $stmt->bind_param('s', $world);
$ext = $in[count($in) - 1]; $res = $stmt->execute();
if (($ext == "json") && (strpos($name, "marker_") == 0)) { $stmt->bind_result($timage);
$world = substr($name, 7); header('Content-Type: application/json');
$stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'MarkerFiles WHERE FileName=?'); if ($stmt->fetch()) {
$stmt->bind_param('s', $world); echo $timage;
$res = $stmt->execute(); } else {
$stmt->bind_result($timage); echo "{ }";
header('Content-Type: application/json'); }
if ($stmt->fetch()) { } else {
echo $timage; $stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'MarkerIcons WHERE IconName=?');
} $stmt->bind_param('s', $name);
else { $res = $stmt->execute();
echo "{ }"; $stmt->bind_result($timage);
} if ($stmt->fetch()) {
} header('Content-Type: image/png');
else { echo $timage;
$stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'MarkerIcons WHERE IconName=?'); } else {
$stmt->bind_param('s', $name); header('Location: ../images/blank.png');
$res = $stmt->execute(); }
$stmt->bind_result($timage); }
if ($stmt->fetch()) {
header('Content-Type: image/png');
echo $timage;
}
else {
header('Location: ../images/blank.png');
}
}
} }
$stmt->close(); $stmt->close();
@ -110,4 +102,3 @@ $stmt->close();
cleanupDb(); cleanupDb();
exit; exit;
?>
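Review bot: The error branches echo the request value into an HTML response unescaped: `echo "Bad marker: " . $path;` and `echo "Bad face: " . $path;` follow an `<h1>`, and `$path` comes from `$_REQUEST['marker']`. Escape it with `echo "Bad marker: " . htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` (likewise for the face message), or leave the value out of the message. In the `_markers_` branch, `strpos($name, "marker_") == 0` is also true when `strpos` returns false, so any `.json` name passes the prefix test; use `=== 0`. The results of `$stmt->execute()` are assigned to `$res` but never checked.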


@ -1,40 +1,37 @@
<?php <?php
ob_start(); ob_start();
require_once('MySQL_funcs.php'); require_once 'MySQL_funcs.php';
include('MySQL_config.php'); require 'MySQL_config.php';
require('MySQL_getlogin.php'); require 'MySQL_getlogin.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_POST['j_password'])) { if (isset($_POST['j_password'])) {
$password = $_POST['j_password']; $password = $_POST['j_password'];
} else {
$password = '';
} }
else { if (isset($_POST['j_verify_password'])) {
$password = ''; $verify = $_POST['j_verify_password'];
} else {
$verify = '';
} }
if(isset($_POST['j_verify_password'])) { if (strcmp($password, $verify)) {
$verify = $_POST['j_verify_password']; echo "{ \"result\": \"verifyfailed\" }";
} return;
else {
$verify = '';
}
if(strcmp($password, $verify)) {
echo "{ \"result\": \"verifyfailed\" }";
return;
} }
if(isset($_POST['j_username'])) { if (isset($_POST['j_username'])) {
$userid = $_POST['j_username']; $userid = $_POST['j_username'];
} else {
$userid = '-guest-';
} }
else { if (isset($_POST['j_passcode'])) {
$userid = '-guest-'; $passcode = $_POST['j_passcode'];
} } else {
if(isset($_POST['j_passcode'])) { $passcode = '';
$passcode = $_POST['j_passcode'];
}
else {
$passcode = '';
} }
$good = false; $good = false;
@ -44,51 +41,48 @@ $_SESSION['userid'] = '-guest-';
$good = false; $good = false;
if(strcmp($useridlc, '-guest-')) { if (strcmp($useridlc, '-guest-')) {
if(isset($pendingreg[$useridlc])) { if (isset($pendingreg[$useridlc])) {
if(!strcmp($passcode, $pendingreg[$useridlc])) { if (!strcmp($passcode, $pendingreg[$useridlc])) {
$ctx = hash_init('sha256'); $ctx = hash_init('sha256');
hash_update($ctx, $pwdsalt); hash_update($ctx, $pwdsalt);
hash_update($ctx, $password); hash_update($ctx, $password);
$hash = hash_final($ctx); $hash = hash_final($ctx);
$_SESSION['userid'] = $userid; $_SESSION['userid'] = $userid;
$good = true; $good = true;
$newlines[] = array(); $newlines[] = array();
$content = getStandaloneFile('dynmap_reg.php'); $content = getStandaloneFile('dynmap_reg.php');
if (isset($content)) { if (isset($content)) {
$lines = explode('\n', $content); $lines = explode('\n', $content);
$isnew = false; $isnew = false;
} } else {
else { $lines = array();
$lines = array(); $isnew = true;
$isnew = true; }
} if (!empty($lines)) {
if(!empty($lines)) { $cnt = count($lines) - 1;
$cnt = count($lines) - 1; for ($i = 1; $i < $cnt; $i++) {
for($i=1; $i < $cnt; $i++) { list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i])); if ($uid == $useridlc) {
if($uid == $useridlc) continue; continue;
if(array_key_exists($uid, $pendingreg)) { }
$newlines[] = $uid . '=' . $pc . '=' . $hsh; if (array_key_exists($uid, $pendingreg)) {
} $newlines[] = $uid . '=' . $pc . '=' . $hsh;
} }
} }
$newlines[] = $useridlc . '=' . $passcode . '=' . $hash; }
if ($isnew) { $newlines[] = $useridlc . '=' . $passcode . '=' . $hash;
insertStandaloneFile('dynmap_reg.php', implode("\n", $newlines)); if ($isnew) {
} insertStandaloneFile('dynmap_reg.php', implode("\n", $newlines));
else { } else {
updateStandaloneFile('dynmap_reg.php', implode("\n", $newlines)); updateStandaloneFile('dynmap_reg.php', implode("\n", $newlines));
} }
} }
} }
} }
if($good) { if ($good) {
echo "{ \"result\": \"success\" }"; echo "{ \"result\": \"success\" }";
} } else {
else { echo "{ \"result\": \"registerfailed\" }";
echo "{ \"result\": \"registerfailed\" }";
} }
cleanupDb(); cleanupDb();
?>
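Review bot: `explode('\n', $content)` uses single quotes, so it splits on a literal backslash followed by `n` rather than on newlines, while the file is written back with `implode("\n", $newlines)`; existing entries therefore appear never to be parsed and would be dropped on rewrite. Use `explode("\n", $content)`; the login section has the same call. `$newlines[] = array();` seeds the list with a nested array rather than an empty list (`$newlines = array();`), which `implode` renders as `Array` with a conversion warning. The passcode test `!strcmp($passcode, $pendingreg[$useridlc])` runs on raw `$_POST` values, so add an `is_string()` check on the inputs and compare with `hash_equals`.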


@ -1,75 +1,69 @@
<?php <?php
ob_start(); ob_start();
require_once('MySQL_funcs.php'); require_once 'MySQL_funcs.php';
include('MySQL_config.php'); require 'MySQL_config.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
$content = getStandaloneFile('dynmap_config.json'); $content = getStandaloneFile('dynmap_config.json');
if (isset($content)) { if (isset($content)) {
$config = json_decode($content, true); $config = json_decode($content, true);
$msginterval = $config['webchat-interval']; $msginterval = $config['webchat-interval'];
} } else {
else { $msginterval = 2000;
$msginterval = 2000;
} }
if(isset($_SESSION['lastchat'])) if (isset($_SESSION['lastchat'])) {
$lastchat = $_SESSION['lastchat']; $lastchat = $_SESSION['lastchat'];
else } else {
$lastchat = 0; $lastchat = 0;
if($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time())
{
$micro = microtime(true);
$timestamp = round($micro*1000.0);
$data = json_decode(trim(file_get_contents('php://input')));
$data->timestamp = $timestamp;
$data->ip = $_SERVER['REMOTE_ADDR'];
if(isset($_SESSION['userid'])) {
$uid = $_SESSION['userid'];
if(strcmp($uid, '-guest-')) {
$data->userid = $uid;
}
}
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$content = getStandaloneFile('dynmap_webchat.json');
$gotold = false;
if (isset($content)) {
$old_messages = json_decode($content, true);
$gotold = true;
}
if(!empty($old_messages))
{
foreach($old_messages as $message)
{
if(($timestamp - $config['updaterate'] - 10000) < $message['timestamp'])
$new_messages[] = $message;
}
}
$new_messages[] = $data;
if ($gotold) {
updateStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
else {
insertStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
$_SESSION['lastchat'] = time()+$msginterval;
echo "{ \"error\" : \"none\" }";
} }
elseif($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat > time())
{ if ($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time()) {
header('HTTP/1.1 403 Forbidden'); $micro = microtime(true);
} $timestamp = round($micro * 1000.0);
else {
echo "{ \"error\" : \"none\" }"; $data = json_decode(trim(file_get_contents('php://input')));
$data->timestamp = $timestamp;
$data->ip = $_SERVER['REMOTE_ADDR'];
if (isset($_SESSION['userid'])) {
$uid = $_SESSION['userid'];
if (strcmp($uid, '-guest-')) {
$data->userid = $uid;
}
}
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
$content = getStandaloneFile('dynmap_webchat.json');
$gotold = false;
if (isset($content)) {
$old_messages = json_decode($content, true);
$gotold = true;
}
if (!empty($old_messages)) {
foreach ($old_messages as $message) {
if (($timestamp - $config['updaterate'] - 10000) < $message['timestamp']) {
$new_messages[] = $message;
}
}
}
$new_messages[] = $data;
if ($gotold) {
updateStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
} else {
insertStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
$_SESSION['lastchat'] = time() + $msginterval;
echo "{ \"error\" : \"none\" }";
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat > time()) {
header('HTTP/1.1 403 Forbidden');
} else {
echo "{ \"error\" : \"none\" }";
} }
cleanupDb(); cleanupDb();
?>
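Review bot: `$data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];` overwrites the socket address with a header the client controls, so the stored `ip` is only meaningful behind a proxy that strips or rewrites it; gate this on a configured trusted-proxy setting or record the header in a separate field. The decoded request body is stored as-is, so any property the server does not overwrite (for a guest session, `userid`) keeps the client-supplied value; build the stored message from an allow-list of expected fields instead. `json_decode()` returns null for a malformed body and `$data->timestamp = $timestamp;` then fails, so check `is_object($data)` first. `$msginterval` looks like milliseconds (default 2000) but is added to `time()`, which is in seconds; confirm the intended unit.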


@ -1,22 +1,22 @@
<?php <?php
ob_start(); ob_start();
require_once('MySQL_funcs.php'); require_once 'MySQL_funcs.php';
include('MySQL_config.php'); require 'MySQL_config.php';
include('MySQL_access.php'); require 'MySQL_access.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$path = $_REQUEST['tile']; $path = $_REQUEST['tile'];
@ -30,56 +30,54 @@ if ((!isset($path)) || strstr($path, "..")) {
$parts = explode("/", $path); $parts = explode("/", $path);
if (count($parts) != 4) { if (count($parts) != 4) {
header('Location: ../images/blank.png'); header('Location: ../images/blank.png');
cleanupDb(); cleanupDb();
exit; exit;
} }
$uid = '[' . strtolower($userid) . ']'; $uid = '[' . strtolower($userid) . ']';
$world = $parts[0]; $world = $parts[0];
if(isset($worldaccess[$world])) { if (isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid); $ss = stristr($worldaccess[$world], $uid);
if($ss === false) { if ($ss === false) {
header('Location: ../images/blank.png'); header('Location: ../images/blank.png');
cleanupDb(); cleanupDb();
exit; exit;
} }
} }
$variant='STANDARD'; $variant = 'STANDARD';
$prefix = $parts[1]; $prefix = $parts[1];
$plen = strlen($prefix); $plen = strlen($prefix);
if(($plen > 4) && (substr($prefix, $plen - 4) === "_day")) { if (($plen > 4) && (substr($prefix, $plen - 4) === "_day")) {
$prefix = substr($prefix, 0, $plen - 4); $prefix = substr($prefix, 0, $plen - 4);
$variant = 'DAY'; $variant = 'DAY';
} }
$mapid = $world . "." . $prefix; $mapid = $world . "." . $prefix;
if(isset($mapaccess[$mapid])) { if (isset($mapaccess[$mapid])) {
$ss = stristr($mapaccess[$mapid], $uid); $ss = stristr($mapaccess[$mapid], $uid);
if($ss === false) { if ($ss === false) {
header('Location: ../images/blank.png'); header('Location: ../images/blank.png');
cleanupDb(); cleanupDb();
exit; exit;
} }
} }
$fparts = explode("_", $parts[3]); $fparts = explode("_", $parts[3]);
if (count($fparts) == 3) { // zoom_x_y if (count($fparts) == 3) { // zoom_x_y
$zoom = strlen($fparts[0]); $zoom = strlen($fparts[0]);
$x = intval($fparts[1]); $x = intval($fparts[1]);
$y = intval($fparts[2]); $y = intval($fparts[2]);
} } elseif (count($fparts) == 2) { // x_y
else if (count($fparts) == 2) { // x_y $zoom = 0;
$zoom = 0; $x = intval($fparts[0]);
$x = intval($fparts[0]); $y = intval($fparts[1]);
$y = intval($fparts[1]); } else {
} header('Location: ../images/blank.png');
else { cleanupDb();
header('Location: ../images/blank.png'); exit;
cleanupDb();
exit;
} }
initDbIfNeeded(); initDbIfNeeded();
@ -88,22 +86,19 @@ $stmt->bind_param('sssiii', $world, $prefix, $variant, $x, $y, $zoom);
$res = $stmt->execute(); $res = $stmt->execute();
$stmt->bind_result($timage, $format, $thash, $tlast); $stmt->bind_result($timage, $format, $thash, $tlast);
if ($stmt->fetch()) { if ($stmt->fetch()) {
if ($format == 0) { if ($format == 0) {
header('Content-Type: image/png'); header('Content-Type: image/png');
} } else {
else { header('Content-Type: image/jpeg');
header('Content-Type: image/jpeg'); }
} header('ETag: \'' . $thash . '\'');
header('ETag: \'' . $thash . '\''); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tlast / 1000) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tlast/1000) . ' GMT'); echo $timage;
echo $timage; } else {
} header('Location: ../images/blank.png');
else {
header('Location: ../images/blank.png');
} }
$stmt->close(); $stmt->close();
cleanupDb(); cleanupDb();
exit; exit;
?>
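Review bot: `header('ETag: \'' . $thash . '\'');` wraps the tag in single quotes, but an HTTP entity-tag must be enclosed in double quotes, so caches and clients may not accept it as a validator. Emit `header('ETag: "' . $thash . '"');` instead. In the lines shown the script sends `ETag` and `Last-Modified` but never answers `If-None-Match` or `If-Modified-Since` with a 304; part of the file lies outside the hunks, so this may be handled elsewhere.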


@ -1,52 +1,53 @@
<?php <?php
ob_start(); ob_start();
require_once('MySQL_funcs.php'); require_once 'MySQL_funcs.php';
include('MySQL_config.php'); require 'MySQL_config.php';
include('MySQL_access.php'); require 'MySQL_access.php';
ob_end_clean(); ob_end_clean();
$world = $_REQUEST['world']; $world = $_REQUEST['world'];
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
header('Content-type: application/json; charset=utf-8'); header('Content-type: application/json; charset=utf-8');
if(strpos($world, '/') || strpos($world, '\\')) { if (strpos($world, '/') || strpos($world, '\\')) {
echo "{ \"error\": \"invalid-world\" }"; echo "{ \"error\": \"invalid-world\" }";
return; return;
} }
if ($loginenabled) if ($loginenabled) {
$fname = 'updates_' . $world . '.php'; $fname = 'updates_' . $world . '.php';
else } else {
$fname = 'updates_' . $world . '.json'; $fname = 'updates_' . $world . '.json';
}
$useridlc = strtolower($userid); $useridlc = strtolower($userid);
$uid = '[' . $useridlc . ']'; $uid = '[' . $useridlc . ']';
if(isset($worldaccess[$world])) { if (isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid); $ss = stristr($worldaccess[$world], $uid);
if($ss === false) { if ($ss === false) {
echo "{ \"error\": \"access-denied\" }"; echo "{ \"error\": \"access-denied\" }";
return; return;
} }
} }
$serverid = 0; $serverid = 0;
if(isset($_REQUEST['serverid'])) { if (isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid']; $serverid = $_REQUEST['serverid'];
} }
$content = getStandaloneFile('dynmap_' . $world . '.json'); $content = getStandaloneFile('dynmap_' . $world . '.json');
@ -60,48 +61,41 @@ if (!isset($content)) {
if (!$loginenabled) { if (!$loginenabled) {
echo $content; echo $content;
} } elseif (isset($json->loginrequired) && $json->loginrequired && !$loggedin) {
else if(isset($json->loginrequired) && $json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }"; echo "{ \"error\": \"login-required\" }";
} } else {
else { $json = json_decode($content);
$json = json_decode($content); $json->loggedin = $loggedin;
$json->loggedin = $loggedin; if (isset($json->protected) && $json->protected) {
if (isset($json->protected) && $json->protected) { $ss = stristr($seeallmarkers, $uid);
$ss = stristr($seeallmarkers, $uid); if ($ss === false) {
if($ss === false) { if (isset($playervisible[$useridlc])) {
if(isset($playervisible[$useridlc])) { $plist = $playervisible[$useridlc];
$plist = $playervisible[$useridlc]; $pcnt = count($json->players);
$pcnt = count($json->players); for ($i = 0; $i < $pcnt; $i++) {
for($i = 0; $i < $pcnt; $i++) { $p = $json->players[$i];
$p = $json->players[$i]; if (!stristr($plist, '[' . $p->account . ']')) {
if(!stristr($plist, '[' . $p->account . ']')) { $p->world = "-some-other-bogus-world-";
$p->world = "-some-other-bogus-world-"; $p->x = 0.0;
$p->x = 0.0; $p->y = 64.0;
$p->y = 64.0; $p->z = 0.0;
$p->z = 0.0; }
} }
} } else {
} $pcnt = count($json->players);
else { for ($i = 0; $i < $pcnt; $i++) {
$pcnt = count($json->players); $p = $json->players[$i];
for($i = 0; $i < $pcnt; $i++) { if (strcasecmp($userid, $p->account) != 0) {
$p = $json->players[$i]; $p->world = "-some-other-bogus-world-";
if(strcasecmp($userid, $p->account) != 0) { $p->x = 0.0;
$p->world = "-some-other-bogus-world-"; $p->y = 64.0;
$p->x = 0.0; $p->z = 0.0;
$p->y = 64.0; }
$p->z = 0.0; }
} }
} }
} }
} echo json_encode($json);
}
echo json_encode($json);
} }
cleanupDb(); cleanupDb();
?>
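Review bot: `if (strpos($world, '/') || strpos($world, '\\'))` treats a match at offset 0 as no match, because `strpos` returns 0 there, so a world name that begins with a separator passes the check. Compare against false, `if (strpos($world, '/') !== false || strpos($world, '\\') !== false)`, and guard the earlier `$_REQUEST['world']` read with `isset` and `is_string`. In the second hunk, `$json->loginrequired` is tested before the `$json = json_decode($content);` in the `else` branch; whether `$json` is assigned earlier cannot be seen from the hunks, so that ordering should be verified.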


@ -1,9 +1,9 @@
<?php <?php
require_once('PostgreSQL_funcs.php');
require_once 'PostgreSQL_funcs.php';
if ($loginenabled) { if ($loginenabled) {
$rslt = getStandaloneFile('dynmap_access.php'); $rslt = getStandaloneFile('dynmap_access.php');
var_dump($rslt); var_dump($rslt);
eval($rslt); eval($rslt);
} }
?>
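Review bot: `var_dump($rslt);` prints the full contents of the `dynmap_access.php` row and looks like leftover debugging; the MySQL counterpart of this file has no such call. The callers visible on this page include the file between `ob_start()` and `ob_end_clean()`, which would discard the output, but any other include path would send the access lists to the client. Remove the line. The `eval($rslt)` on database content is unchanged here as well and carries the same risk as in the MySQL sections.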


@ -1,22 +1,22 @@
<?php <?php
ob_start(); ob_start();
require_once('PostgreSQL_funcs.php'); require_once 'PostgreSQL_funcs.php';
include('PostgreSQL_config.php'); require 'PostgreSQL_config.php';
include('PostgreSQL_access.php'); require 'PostgreSQL_access.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$content = getStandaloneFile('dynmap_config.json'); $content = getStandaloneFile('dynmap_config.json');
@ -26,53 +26,45 @@ header('Content-type: application/json; charset=utf-8');
$json = json_decode($content); $json = json_decode($content);
if (!$loginenabled) { if (!$loginenabled) {
echo $content; echo $content;
} } elseif ($json->loginrequired && !$loggedin) {
else if($json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }"; echo "{ \"error\": \"login-required\" }";
} } else {
else { $uid = '[' . strtolower($userid) . ']';
$uid = '[' . strtolower($userid) . ']'; $json->loggedin = $loggedin;
$json->loggedin = $loggedin; $wcnt = count($json->worlds);
$wcnt = count($json->worlds); $newworlds = array();
$newworlds = array(); for ($i = 0; $i < $wcnt; $i++) {
for($i = 0; $i < $wcnt; $i++) { $w = $json->worlds[$i];
$w = $json->worlds[$i]; if ($w->protected) {
if($w->protected) { $ss = stristr($worldaccess[$w->name], $uid);
$ss = stristr($worldaccess[$w->name], $uid); if ($ss !== false) {
if($ss !== false) { $newworlds[] = $w;
$newworlds[] = $w; } else {
} $w = null;
else { }
$w = null; } else {
} $newworlds[] = $w;
} }
else { if ($w != null) {
$newworlds[] = $w; $mcnt = count($w->maps);
} $newmaps = array();
if($w != null) { for ($j = 0; $j < $mcnt; $j++) {
$mcnt = count($w->maps); $m = $w->maps[$j];
$newmaps = array(); if ($m->protected) {
for($j = 0; $j < $mcnt; $j++) { $ss = stristr($mapaccess[$w->name . '.' . $m->prefix], $uid);
$m = $w->maps[$j]; if ($ss !== false) {
if($m->protected) { $newmaps[] = $m;
$ss = stristr($mapaccess[$w->name . '.' . $m->prefix], $uid); }
if($ss !== false) { } else {
$newmaps[] = $m; $newmaps[] = $m;
} }
} }
else { $w->maps = $newmaps;
$newmaps[] = $m; }
} }
} $json->worlds = $newworlds;
$w->maps = $newmaps;
}
}
$json->worlds = $newworlds;
echo json_encode($json); echo json_encode($json);
} }
cleanupDb(); cleanupDb();
?>


@ -1,118 +1,124 @@
<?php <?php
function cleanupDb() { function cleanupDb()
if (isset($db)) { {
$db->close(); if (isset($db)) {
$db = NULL; $db->close();
} $db = null;
}
} }
function abortDb($errormsg) { function abortDb($errormsg)
header('HTTP/1.0 500 Error'); {
echo "<h1>500 Error</h1>"; header('HTTP/1.0 500 Error');
echo $errormsg; echo "<h1>500 Error</h1>";
cleanupDb(); echo $errormsg;
exit; cleanupDb();
exit;
} }
function initDbIfNeeded() { function initDbIfNeeded()
global $db, $dbhost, $dbuserid, $dbpassword, $dbname, $dbport; {
global $db, $dbhost, $dbuserid, $dbpassword, $dbname, $dbport;
$pos = strpos($dbname, '?'); $pos = strpos($dbname, '?');
if ($pos) { if ($pos) {
$dbname = substr($dbname, 0, $pos); $dbname = substr($dbname, 0, $pos);
} }
if (!$db) { if (!$db) {
$db = new PDO("pgsql:host=$dbhost;port=$dbport;dbname=$dbname", $dbuserid , $dbpassword, array(PDO::ATTR_PERSISTENT => true)); $db = new PDO("pgsql:host=$dbhost;port=$dbport;dbname=$dbname", $dbuserid, $dbpassword, array(PDO::ATTR_PERSISTENT => true));
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (!$db) { if (!$db) {
abortDb("Error opening database"); abortDb("Error opening database");
} }
} }
} }
function getStandaloneFileByServerId($fname, $sid) { function getStandaloneFileByServerId($fname, $sid)
global $db, $dbprefix; {
global $db, $dbprefix;
initDbIfNeeded(); initDbIfNeeded();
$stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'StandaloneFiles WHERE FileName=:fname AND ServerID=:sid'); $stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'StandaloneFiles WHERE FileName=:fname AND ServerID=:sid');
$stmt->bindParam(':fname', $fname, PDO::PARAM_STR); $stmt->bindParam(':fname', $fname, PDO::PARAM_STR);
$stmt->bindParam(':sid', $sid, PDO::PARAM_INT); $stmt->bindParam(':sid', $sid, PDO::PARAM_INT);
$res = $stmt->execute(); $res = $stmt->execute();
$content = $stmt->fetch(PDO::FETCH_BOTH); $content = $stmt->fetch(PDO::FETCH_BOTH);
if ($res && $content) { if ($res && $content) {
$rslt = stream_get_contents($content[0]); //stupid streams... $rslt = stream_get_contents($content[0]); //stupid streams...
} } else {
else { $rslt = null;
$rslt = NULL; }
} $stmt->closeCursor();
$stmt->closeCursor(); return $rslt;
return $rslt;
} }
function getStandaloneFile($fname) { function getStandaloneFile($fname)
global $serverid; {
global $serverid;
if (!isset($serverid)) { if (!isset($serverid)) {
$serverid = 0; $serverid = 0;
if(isset($_REQUEST['serverid'])) { if (isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid']; $serverid = $_REQUEST['serverid'];
} }
} }
return getStandaloneFileByServerId($fname, $serverid); return getStandaloneFileByServerId($fname, $serverid);
} }
function updateStandaloneFileByServerId($fname, $sid, $content) { function updateStandaloneFileByServerId($fname, $sid, $content)
global $db, $dbprefix; {
global $db, $dbprefix;
initDbIfNeeded(); initDbIfNeeded();
$stmt = $db->prepare('UPDATE ' . $dbprefix . 'StandaloneFiles SET Content=:content WHERE FileName=:fname AND ServerID=:sid'); $stmt = $db->prepare('UPDATE ' . $dbprefix . 'StandaloneFiles SET Content=:content WHERE FileName=:fname AND ServerID=:sid');
$stmt->bindParam(':content', $content, PDO::PARAM_STR); $stmt->bindParam(':content', $content, PDO::PARAM_STR);
$stmt->bindParam(':fname', $fname, PDO::PARAM_STR); $stmt->bindParam(':fname', $fname, PDO::PARAM_STR);
$stmt->bindParam(':sid', $sid, PDO::PARAM_INT); $stmt->bindParam(':sid', $sid, PDO::PARAM_INT);
$res = $stmt->execute(); $res = $stmt->execute();
$stmt->closeCursor(); $stmt->closeCursor();
if (!$res) { if (!$res) {
$res = insertStandaloneFileByServerId($fname, $sid, $content); $res = insertStandaloneFileByServerId($fname, $sid, $content);
} }
return $res; return $res;
} }
function updateStandaloneFile($fname, $content) { function updateStandaloneFile($fname, $content)
global $serverid; {
global $serverid;
if (!isset($serverid)) { if (!isset($serverid)) {
$serverid = 0; $serverid = 0;
if(isset($_REQUEST['serverid'])) { if (isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid']; $serverid = $_REQUEST['serverid'];
} }
} }
return updateStandaloneFileByServerId($fname, $serverid, $content); return updateStandaloneFileByServerId($fname, $serverid, $content);
} }
function insertStandaloneFileByServerId($fname, $sid, $content) { function insertStandaloneFileByServerId($fname, $sid, $content)
global $db, $dbprefix; {
global $db, $dbprefix;
initDbIfNeeded(); initDbIfNeeded();
$stmt = $db->prepare('INSERT INTO ' . $dbprefix . 'StandaloneFiles (Content,FileName,ServerID) VALUES (?,?,?);'); $stmt = $db->prepare('INSERT INTO ' . $dbprefix . 'StandaloneFiles (Content,FileName,ServerID) VALUES (?,?,?);');
$res = $stmt->execute(array($content, $fname, $sid)); $res = $stmt->execute(array($content, $fname, $sid));
$stmt->close(); $stmt->close();
return $res; return $res;
} }
function insertStandaloneFile($fname, $content) { function insertStandaloneFile($fname, $content)
global $serverid; {
global $serverid;
if (!isset($serverid)) { if (!isset($serverid)) {
$serverid = 0; $serverid = 0;
if(isset($_REQUEST['serverid'])) { if (isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid']; $serverid = $_REQUEST['serverid'];
} }
} }
return insertStandaloneFileByServerId($fname, $serverid, $content); return insertStandaloneFileByServerId($fname, $serverid, $content);
} }
?>
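Review bot: `insertStandaloneFileByServerId()` ends with `$stmt->close();`, but `$stmt` comes from `PDO::prepare()` and `PDOStatement` has no `close()` method, so the call fails right after the row is written; the other helpers in this file use `$stmt->closeCursor();`, which is what this line should be. `cleanupDb()` tests `isset($db)` without `global $db;`, so it inspects an unset local and never releases the handle, and `PDO` has no `close()` either; `global $db; $db = null;` is enough. With `PDO::ERRMODE_EXCEPTION` set, the `if (!$db)` after `new PDO(...)` and the `if (!$res)` insert fallback in `updateStandaloneFileByServerId()` are never taken, because a failure throws and an UPDATE that matches no row still returns true. A failed connection therefore surfaces as an uncaught `PDOException` instead of going through `abortDb()`; wrapping the constructor in `try`/`catch` and passing a fixed message keeps connection details out of the response when error display is on.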


@ -1,8 +1,8 @@
<?php <?php
require_once('PostgreSQL_funcs.php');
require_once 'PostgreSQL_funcs.php';
if ($loginenabled) { if ($loginenabled) {
$rslt = getStandaloneFile("dynmap_login.php"); $rslt = getStandaloneFile("dynmap_login.php");
eval($rslt); eval($rslt);
} }
?>


@ -1,75 +1,69 @@
<?php <?php
ob_start(); ob_start();
require_once('PostgreSQL_funcs.php'); require_once 'PostgreSQL_funcs.php';
include('PostgreSQL_config.php'); require 'PostgreSQL_config.php';
include('PostgreSQL_getlogin.php'); require 'PostgreSQL_getlogin.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_POST['j_username'])) { if (isset($_POST['j_username'])) {
$userid = $_POST['j_username']; $userid = $_POST['j_username'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$good = false; $good = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
if(isset($_POST['j_password'])) { if (isset($_POST['j_password'])) {
$password = $_POST['j_password']; $password = $_POST['j_password'];
} } else {
else { $password = '';
$password = ''; }
} $ctx = hash_init('sha256');
$ctx = hash_init('sha256'); hash_update($ctx, $pwdsalt);
hash_update($ctx, $pwdsalt); hash_update($ctx, $password);
hash_update($ctx, $password); $hash = hash_final($ctx);
$hash = hash_final($ctx); $useridlc = strtolower($userid);
$useridlc = strtolower($userid); if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) {
if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) { $_SESSION['userid'] = $userid;
$_SESSION['userid'] = $userid; $good = true;
$good = true; } else {
} $_SESSION['userid'] = '-guest-';
else { }
$_SESSION['userid'] = '-guest-'; } else {
} $_SESSION['userid'] = '-guest-';
} $good = true;
else {
$_SESSION['userid'] = '-guest-';
$good = true;
} }
$content = getStandaloneFile('dynmap_reg.php'); $content = getStandaloneFile('dynmap_reg.php');
/* Prune pending registrations, if needed */ /* Prune pending registrations, if needed */
$lines = explode('\n', $content); $lines = explode('\n', $content);
$newlines[] = array(); $newlines[] = array();
if(!empty($lines)) { if (!empty($lines)) {
$cnt = count($lines) - 1; $cnt = count($lines) - 1;
$changed = false; $changed = false;
for($i=1; $i < $cnt; $i++) { for ($i = 1; $i < $cnt; $i++) {
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i])); list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
if($uid == $useridlc) continue; if ($uid == $useridlc) {
if(array_key_exists($uid, $pendingreg)) { continue;
$newlines[] = $uid . '=' . $pc . '=' . $hsh; }
} if (array_key_exists($uid, $pendingreg)) {
else { $newlines[] = $uid . '=' . $pc . '=' . $hsh;
$changed = true; } else {
} $changed = true;
} }
if($changed) { }
if ($changed) {
updateStandaloneFile('dynmap_reg.php', implode("\n", $newlines)); updateStandaloneFile('dynmap_reg.php', implode("\n", $newlines));
} }
} }
if($good) { if ($good) {
echo "{ \"result\": \"success\" }"; echo "{ \"result\": \"success\" }";
} } else {
else { echo "{ \"result\": \"loginfailed\" }";
echo "{ \"result\": \"loginfailed\" }";
} }
cleanupDb(); cleanupDb();
?>
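Review bot: On a successful login `$_SESSION['userid'] = $userid;` is stored in the session that existed before authentication; calling `session_regenerate_id(true);` just before it gives the authenticated user a fresh session id. The check `strcasecmp($hash, $pwdhash[$useridlc]) == 0` reads an array key that may not exist and is not a constant-time comparison; `isset($pwdhash[$useridlc]) && hash_equals(strtolower($pwdhash[$useridlc]), $hash)` covers both. Separately, `explode('\n', $content)` is single-quoted, so it splits on a literal backslash followed by `n` rather than on newlines, and `$newlines[] = array();` seeds the list with an array element; for newline-separated content the pruning loop does not run at all, so these two lines need a deliberate fix rather than a reformat. `$useridlc` is also assigned only in the non-guest branch but read inside the pruning loop.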


@ -1,22 +1,22 @@
<?php <?php
ob_start(); ob_start();
require_once('PostgreSQL_funcs.php'); require_once 'PostgreSQL_funcs.php';
include('PostgreSQL_config.php'); require 'PostgreSQL_config.php';
include('PostgreSQL_access.php'); require 'PostgreSQL_access.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$path = $_REQUEST['marker']; $path = $_REQUEST['marker'];
@ -29,7 +29,7 @@ if ((!isset($path)) || strstr($path, "..")) {
$parts = explode("/", $path); $parts = explode("/", $path);
if(($parts[0] != "faces") && ($parts[0] != "_markers_")) { if (($parts[0] != "faces") && ($parts[0] != "_markers_")) {
header('HTTP/1.0 500 Error'); header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>"; echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path; echo "Bad marker: " . $path;
@ -39,67 +39,59 @@ if(($parts[0] != "faces") && ($parts[0] != "_markers_")) {
initDbIfNeeded(); initDbIfNeeded();
if ($parts[0] == "faces") { if ($parts[0] == "faces") {
if (count($parts) != 3) { if (count($parts) != 3) {
header('HTTP/1.0 500 Error'); header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>"; echo "<h1>500 Error</h1>";
echo "Bad face: " . $path; echo "Bad face: " . $path;
cleanupDb(); cleanupDb();
exit(); exit();
} }
$ft = 0; $ft = 0;
if ($parts[1] == "8x8") { if ($parts[1] == "8x8") {
$ft = 0; $ft = 0;
} } elseif ($parts[1] == '16x16') {
else if ($parts[1] == '16x16') { $ft = 1;
$ft = 1; } elseif ($parts[1] == '32x32') {
} $ft = 2;
else if ($parts[1] == '32x32') { } elseif ($parts[1] == 'body') {
$ft = 2; $ft = 3;
} }
else if ($parts[1] == 'body') { $pn = explode(".", $parts[2]);
$ft = 3; $stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'Faces WHERE PlayerName=? AND TypeID=?');
} $res = $stmt->execute(array($pn[0], $ft));
$pn = explode(".", $parts[2]); $timage = $stmt->fetch();
$stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'Faces WHERE PlayerName=? AND TypeID=?'); if ($res && $timage) {
$res = $stmt->execute(array($pn[0], $ft)); header('Content-Type: image/png');
$timage = $stmt->fetch(); echo stream_get_contents($timage[0]);
if ($res && $timage) { } else {
header('Content-Type: image/png'); header('Location: ../images/blank.png');
echo stream_get_contents($timage[0]); }
} } else { // _markers_
else { $in = explode(".", $parts[1]);
header('Location: ../images/blank.png'); $name = implode(".", array_slice($in, 0, count($in) - 1));
} $ext = $in[count($in) - 1];
} if (($ext == "json") && (strpos($name, "marker_") == 0)) {
else { // _markers_ $world = substr($name, 7);
$in = explode(".", $parts[1]); $stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'MarkerFiles WHERE FileName=?');
$name = implode(".", array_slice($in, 0, count($in) - 1)); $res = $stmt->execute(array($world));
$ext = $in[count($in) - 1];
if (($ext == "json") && (strpos($name, "marker_") == 0)) {
$world = substr($name, 7);
$stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'MarkerFiles WHERE FileName=?');
$res = $stmt->execute(array($world));
$timage = $stmt->fetch();
header('Content-Type: application/json');
if ($res && $timage) {
echo stream_get_contents($timage[0]); //PDO returns arrays, even for single colums, and bytea is returned as stream.
}
else {
echo "{ }";
}
}
else {
$stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'MarkerIcons WHERE IconName=?');
$res = $stmt->execute(array($name));
$timage = $stmt->fetch(); $timage = $stmt->fetch();
if ($res && $timage) { header('Content-Type: application/json');
header('Content-Type: image/png'); if ($res && $timage) {
echo stream_get_contents($timage[0]); echo stream_get_contents($timage[0]); //PDO returns arrays, even for single colums, and bytea is returned as stream.
} } else {
else { echo "{ }";
header('Location: ../images/blank.png'); }
} } else {
} $stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'MarkerIcons WHERE IconName=?');
$res = $stmt->execute(array($name));
$timage = $stmt->fetch();
if ($res && $timage) {
header('Content-Type: image/png');
echo stream_get_contents($timage[0]);
} else {
header('Location: ../images/blank.png');
}
}
} }
$stmt->closeCursor(); $stmt->closeCursor();
@ -107,4 +99,3 @@ $stmt->closeCursor();
cleanupDb(); cleanupDb();
exit; exit;
?>
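Review bot: The error paths `echo "Bad marker: " . $path;` and `echo "Bad face: " . $path;` write the `marker` request parameter into an HTML response unescaped; they should emit `htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` or send the message as `text/plain`. `strpos($name, "marker_") == 0` is also true when the prefix is absent, because `false == 0`; `strpos($name, 'marker_') === 0` is the intended test. In the visible hunks the marker file is returned without consulting `$worldaccess`, although the access file is loaded, which is worth confirming against the lines between the hunks that are not shown here. The SQLite marker section further down has the same patterns.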


@ -1,75 +1,69 @@
<?php <?php
ob_start(); ob_start();
require_once('PostgreSQL_funcs.php'); require_once 'PostgreSQL_funcs.php';
include('PostgreSQL_config.php'); require 'PostgreSQL_config.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
$content = getStandaloneFile('dynmap_config.json'); $content = getStandaloneFile('dynmap_config.json');
if (isset($content)) { if (isset($content)) {
$config = json_decode($content, true); $config = json_decode($content, true);
$msginterval = $config['webchat-interval']; $msginterval = $config['webchat-interval'];
} } else {
else { $msginterval = 2000;
$msginterval = 2000;
} }
if(isset($_SESSION['lastchat'])) if (isset($_SESSION['lastchat'])) {
$lastchat = $_SESSION['lastchat']; $lastchat = $_SESSION['lastchat'];
else } else {
$lastchat = 0; $lastchat = 0;
if($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time())
{
$micro = microtime(true);
$timestamp = round($micro*1000.0);
$data = json_decode(trim(file_get_contents('php://input')));
$data->timestamp = $timestamp;
$data->ip = $_SERVER['REMOTE_ADDR'];
if(isset($_SESSION['userid'])) {
$uid = $_SESSION['userid'];
if(strcmp($uid, '-guest-')) {
$data->userid = $uid;
}
}
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$content = getStandaloneFile('dynmap_webchat.json');
$gotold = false;
if (isset($content)) {
$old_messages = json_decode($content, true);
$gotold = true;
}
if(!empty($old_messages))
{
foreach($old_messages as $message)
{
if(($timestamp - $config['updaterate'] - 10000) < $message['timestamp'])
$new_messages[] = $message;
}
}
$new_messages[] = $data;
if ($gotold) {
updateStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
else {
insertStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
$_SESSION['lastchat'] = time()+$msginterval;
echo "{ \"error\" : \"none\" }";
} }
elseif($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat > time())
{ if ($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time()) {
header('HTTP/1.1 403 Forbidden'); $micro = microtime(true);
} $timestamp = round($micro * 1000.0);
else {
echo "{ \"error\" : \"none\" }"; $data = json_decode(trim(file_get_contents('php://input')));
$data->timestamp = $timestamp;
$data->ip = $_SERVER['REMOTE_ADDR'];
if (isset($_SESSION['userid'])) {
$uid = $_SESSION['userid'];
if (strcmp($uid, '-guest-')) {
$data->userid = $uid;
}
}
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
$content = getStandaloneFile('dynmap_webchat.json');
$gotold = false;
if (isset($content)) {
$old_messages = json_decode($content, true);
$gotold = true;
}
if (!empty($old_messages)) {
foreach ($old_messages as $message) {
if (($timestamp - $config['updaterate'] - 10000) < $message['timestamp']) {
$new_messages[] = $message;
}
}
}
$new_messages[] = $data;
if ($gotold) {
updateStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
} else {
insertStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
$_SESSION['lastchat'] = time() + $msginterval;
echo "{ \"error\" : \"none\" }";
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat > time()) {
header('HTTP/1.1 403 Forbidden');
} else {
echo "{ \"error\" : \"none\" }";
} }
cleanupDb(); cleanupDb();
?>
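Review bot: The decoded request body is used as `$data` without checking that `json_decode()` returned an object, and the whole client-supplied object is then stored. A body that is not a JSON object fails at `$data->timestamp = $timestamp;`, and for a guest session a `userid` property sent by the client is kept, because `$data->userid` is only overwritten when the session is logged in. Adding `if (!is_object($data)) { header('HTTP/1.1 400 Bad Request'); cleanupDb(); exit; }` and `unset($data->userid);` before the session check closes both gaps. `$data->ip` is replaced by `HTTP_X_FORWARDED_FOR` whenever that header is present, so the recorded address is client-chosen unless a trusted proxy always sets it; a comment stating that deployment assumption would help.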


@ -1,22 +1,22 @@
<?php <?php
ob_start(); ob_start();
require_once('PostgreSQL_funcs.php'); require_once 'PostgreSQL_funcs.php';
include('PostgreSQL_config.php'); require 'PostgreSQL_config.php';
include('PostgreSQL_access.php'); require 'PostgreSQL_access.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$path = $_REQUEST['tile']; $path = $_REQUEST['tile'];
@ -30,85 +30,80 @@ if ((!isset($path)) || strstr($path, "..")) {
$parts = explode("/", $path); $parts = explode("/", $path);
if (count($parts) != 4) { if (count($parts) != 4) {
header('Location: ../images/blank.png'); header('Location: ../images/blank.png');
cleanupDb(); cleanupDb();
exit; exit;
} }
$uid = '[' . strtolower($userid) . ']'; $uid = '[' . strtolower($userid) . ']';
$world = $parts[0]; $world = $parts[0];
if(isset($worldaccess[$world])) { if (isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid); $ss = stristr($worldaccess[$world], $uid);
if($ss === false) { if ($ss === false) {
header('Location: ../images/blank.png'); header('Location: ../images/blank.png');
cleanupDb(); cleanupDb();
exit; exit;
} }
} }
$variant='STANDARD'; $variant = 'STANDARD';
$prefix = $parts[1]; $prefix = $parts[1];
$plen = strlen($prefix); $plen = strlen($prefix);
if(($plen > 4) && (substr($prefix, $plen - 4) === "_day")) { if (($plen > 4) && (substr($prefix, $plen - 4) === "_day")) {
$prefix = substr($prefix, 0, $plen - 4); $prefix = substr($prefix, 0, $plen - 4);
$variant = 'DAY'; $variant = 'DAY';
} }
$mapid = $world . "." . $prefix; $mapid = $world . "." . $prefix;
if(isset($mapaccess[$mapid])) { if (isset($mapaccess[$mapid])) {
$ss = stristr($mapaccess[$mapid], $uid); $ss = stristr($mapaccess[$mapid], $uid);
if($ss === false) { if ($ss === false) {
header('Location: ../images/blank.png'); header('Location: ../images/blank.png');
cleanupDb(); cleanupDb();
exit; exit;
} }
} }
$fparts = explode("_", $parts[3]); $fparts = explode("_", $parts[3]);
if (count($fparts) == 3) { // zoom_x_y if (count($fparts) == 3) { // zoom_x_y
$zoom = strlen($fparts[0]); $zoom = strlen($fparts[0]);
$x = intval($fparts[1]); $x = intval($fparts[1]);
$y = intval($fparts[2]); $y = intval($fparts[2]);
} } elseif (count($fparts) == 2) { // x_y
else if (count($fparts) == 2) { // x_y $zoom = 0;
$zoom = 0; $x = intval($fparts[0]);
$x = intval($fparts[0]); $y = intval($fparts[1]);
$y = intval($fparts[1]); } else {
} header('Location: ../images/blank.png');
else { cleanupDb();
header('Location: ../images/blank.png'); exit;
cleanupDb();
exit;
} }
initDbIfNeeded(); initDbIfNeeded();
$stmt = $db->prepare('SELECT t.Image,t.Format,t.HashCode,t.LastUpdate FROM ' . $dbprefix . 'Maps m JOIN ' . $dbprefix . 'Tiles t ON m.ID=t.MapID WHERE m.WorldID=? AND m.MapID=? AND m.Variant=? AND t.x=? AND t.y=? and t.zoom=?'); $stmt = $db->prepare('SELECT t.Image,t.Format,t.HashCode,t.LastUpdate FROM ' . $dbprefix . 'Maps m JOIN ' . $dbprefix . 'Tiles t ON m.ID=t.MapID WHERE m.WorldID=? AND m.MapID=? AND m.Variant=? AND t.x=? AND t.y=? and t.zoom=?');
$stmt->bindParam(1,$world, PDO::PARAM_STR); $stmt->bindParam(1, $world, PDO::PARAM_STR);
$stmt->bindParam(2,$prefix, PDO::PARAM_STR); $stmt->bindParam(2, $prefix, PDO::PARAM_STR);
$stmt->bindParam(3,$variant, PDO::PARAM_STR); $stmt->bindParam(3, $variant, PDO::PARAM_STR);
$stmt->bindParam(4,$x, PDO::PARAM_INT); $stmt->bindParam(4, $x, PDO::PARAM_INT);
$stmt->bindParam(5,$y, PDO::PARAM_INT); $stmt->bindParam(5, $y, PDO::PARAM_INT);
$stmt->bindParam(6,$zoom, PDO::PARAM_INT); $stmt->bindParam(6, $zoom, PDO::PARAM_INT);
$res = $stmt->execute(); $res = $stmt->execute();
list($timage, $format, $thash, $tlast) = $stmt->fetch(); list($timage, $format, $thash, $tlast) = $stmt->fetch();
if ($res && $timage) { if ($res && $timage) {
if ($format == 0) { if ($format == 0) {
header('Content-Type: image/png'); header('Content-Type: image/png');
} } else {
else { header('Content-Type: image/jpeg');
header('Content-Type: image/jpeg'); }
} header('ETag: \'' . $thash . '\'');
header('ETag: \'' . $thash . '\''); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tlast / 1000) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tlast/1000) . ' GMT'); echo stream_get_contents($timage);
echo stream_get_contents($timage); } else {
} header('Location: ../images/blank.png');
else {
header('Location: ../images/blank.png');
} }
$stmt->closeCursor(); $stmt->closeCursor();
cleanupDb(); cleanupDb();
exit; exit;
?>
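Review bot: `header('ETag: \'' . $thash . '\'');` wraps the tag in single quotes, but an entity-tag has to be enclosed in double quotes, so caches and clients may not accept the value as a validator; `header('ETag: "' . $thash . '"');` is the conforming form. The visible code also never compares `If-None-Match` or `If-Modified-Since` against `$thash` and `$tlast`, so the two headers do not yet save any transfer. The lines between the two hunks are not shown here.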


@ -1,52 +1,53 @@
<?php <?php
ob_start(); ob_start();
require_once('PostgreSQL_funcs.php'); require_once 'PostgreSQL_funcs.php';
include('PostgreSQL_config.php'); require 'PostgreSQL_config.php';
include('PostgreSQL_access.php'); require 'PostgreSQL_access.php';
ob_end_clean(); ob_end_clean();
$world = $_REQUEST['world']; $world = $_REQUEST['world'];
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
header('Content-type: application/json; charset=utf-8'); header('Content-type: application/json; charset=utf-8');
if(strpos($world, '/') || strpos($world, '\\') || empty($world)) { if (strpos($world, '/') || strpos($world, '\\') || empty($world)) {
echo "{ \"error\": \"invalid-world\" }"; echo "{ \"error\": \"invalid-world\" }";
return; return;
} }
if ($loginenabled) if ($loginenabled) {
$fname = 'updates_' . $world . '.php'; $fname = 'updates_' . $world . '.php';
else } else {
$fname = 'updates_' . $world . '.json'; $fname = 'updates_' . $world . '.json';
}
$useridlc = strtolower($userid); $useridlc = strtolower($userid);
$uid = '[' . $useridlc . ']'; $uid = '[' . $useridlc . ']';
if(isset($worldaccess[$world])) { if (isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid); $ss = stristr($worldaccess[$world], $uid);
if($ss === false) { if ($ss === false) {
echo "{ \"error\": \"access-denied\" }"; echo "{ \"error\": \"access-denied\" }";
return; return;
} }
} }
$serverid = 0; $serverid = 0;
if(isset($_REQUEST['serverid'])) { if (isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid']; $serverid = $_REQUEST['serverid'];
} }
$content = getStandaloneFile('dynmap_' . $world . '.json'); $content = getStandaloneFile('dynmap_' . $world . '.json');
@ -60,48 +61,41 @@ if (!isset($content)) {
if (!$loginenabled) { if (!$loginenabled) {
echo $content; echo $content;
} } elseif (isset($json->loginrequired) && $json->loginrequired && !$loggedin) {
else if(isset($json->loginrequired) && $json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }"; echo "{ \"error\": \"login-required\" }";
} } else {
else { $json = json_decode($content);
$json = json_decode($content); $json->loggedin = $loggedin;
$json->loggedin = $loggedin; if (isset($json->protected) && $json->protected) {
if (isset($json->protected) && $json->protected) { $ss = stristr($seeallmarkers, $uid);
$ss = stristr($seeallmarkers, $uid); if ($ss === false) {
if($ss === false) { if (isset($playervisible[$useridlc])) {
if(isset($playervisible[$useridlc])) { $plist = $playervisible[$useridlc];
$plist = $playervisible[$useridlc]; $pcnt = count($json->players);
$pcnt = count($json->players); for ($i = 0; $i < $pcnt; $i++) {
for($i = 0; $i < $pcnt; $i++) { $p = $json->players[$i];
$p = $json->players[$i]; if (!stristr($plist, '[' . $p->account . ']')) {
if(!stristr($plist, '[' . $p->account . ']')) { $p->world = "-some-other-bogus-world-";
$p->world = "-some-other-bogus-world-"; $p->x = 0.0;
$p->x = 0.0; $p->y = 64.0;
$p->y = 64.0; $p->z = 0.0;
$p->z = 0.0; }
} }
} } else {
} $pcnt = count($json->players);
else { for ($i = 0; $i < $pcnt; $i++) {
$pcnt = count($json->players); $p = $json->players[$i];
for($i = 0; $i < $pcnt; $i++) { if (strcasecmp($userid, $p->account) != 0) {
$p = $json->players[$i]; $p->world = "-some-other-bogus-world-";
if(strcasecmp($userid, $p->account) != 0) { $p->x = 0.0;
$p->world = "-some-other-bogus-world-"; $p->y = 64.0;
$p->x = 0.0; $p->z = 0.0;
$p->y = 64.0; }
$p->z = 0.0; }
} }
} }
} }
} echo json_encode($json);
}
echo json_encode($json);
} }
cleanupDb(); cleanupDb();
?>
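Review bot: In the second hunk the `elseif (isset($json->loginrequired) && $json->loginrequired && !$loggedin)` test runs before `$json = json_decode($content);`, which only happens inside the final `else`. Unless `$json` is assigned in the lines between the hunks (not shown here), `isset()` is always false and the `login-required` response is never sent, so guests fall through to the filtered update output; decoding right after the `!isset($content)` check with `$json = json_decode($content);` would make the gate effective. In the first hunk `strpos($world, '/') || strpos($world, '\\')` misses a separator at offset 0 because `0` is falsy; `strpos($world, '/') !== false || strpos($world, '\\') !== false` is the reliable form.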


@ -1,20 +1,20 @@
<?php <?php
ob_start(); ob_start();
include('dynmap_access.php'); require 'dynmap_access.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$path = $_REQUEST['marker']; $path = $_REQUEST['marker'];
@ -27,7 +27,7 @@ if ((!isset($path)) || strstr($path, "..")) {
$parts = explode("/", $path); $parts = explode("/", $path);
if(($parts[0] != "faces") && ($parts[0] != "_markers_")) { if (($parts[0] != "faces") && ($parts[0] != "_markers_")) {
header('HTTP/1.0 500 Error'); header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>"; echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path; echo "Bad marker: " . $path;
@ -37,72 +37,64 @@ if(($parts[0] != "faces") && ($parts[0] != "_markers_")) {
$db = new SQLite3($dbfile, SQLITE3_OPEN_READONLY); $db = new SQLite3($dbfile, SQLITE3_OPEN_READONLY);
if ($parts[0] == "faces") { if ($parts[0] == "faces") {
if (count($parts) != 3) { if (count($parts) != 3) {
header('HTTP/1.0 500 Error'); header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>"; echo "<h1>500 Error</h1>";
echo "Bad face: " . $path; echo "Bad face: " . $path;
exit(); exit();
} }
$ft = 0; $ft = 0;
if ($parts[1] == "8x8") { if ($parts[1] == "8x8") {
$ft = 0; $ft = 0;
} } elseif ($parts[1] == '16x16') {
else if ($parts[1] == '16x16') { $ft = 1;
$ft = 1; } elseif ($parts[1] == '32x32') {
} $ft = 2;
else if ($parts[1] == '32x32') { } elseif ($parts[1] == 'body') {
$ft = 2; $ft = 3;
} }
else if ($parts[1] == 'body') { $pn = explode(".", $parts[2]);
$ft = 3; $stmt = $db->prepare('SELECT Image from Faces WHERE PlayerName=:pn AND TypeID=:ft');
} $stmt->bindValue(":pn", $pn[0], SQLITE3_TEXT);
$pn = explode(".", $parts[2]); $stmt->bindValue(":ft", $ft, SQLITE3_INTEGER);
$stmt = $db->prepare('SELECT Image from Faces WHERE PlayerName=:pn AND TypeID=:ft'); $res = $stmt->execute();
$stmt->bindValue(":pn", $pn[0], SQLITE3_TEXT); $row = $res->fetchArray();
$stmt->bindValue(":ft", $ft, SQLITE3_INTEGER); if (isset($row[0])) {
$res = $stmt->execute(); header('Content-Type: image/png');
$row = $res->fetchArray(); echo $row[0];
if (isset($row[0])) { } else {
header('Content-Type: image/png'); header('Location: ../images/blank.png');
echo $row[0]; exit;
} }
else { } else { // _markers_
header('Location: ../images/blank.png'); $in = explode(".", $parts[1]);
exit; $name = implode(".", array_slice($in, 0, count($in) - 1));
} $ext = $in[count($in) - 1];
} if (($ext == "json") && (strpos($name, "marker_") == 0)) {
else { // _markers_ $world = substr($name, 7);
$in = explode(".", $parts[1]); $stmt = $db->prepare('SELECT Content from MarkerFiles WHERE FileName=:fn');
$name = implode(".", array_slice($in, 0, count($in) - 1)); $stmt->bindValue(':fn', $world, SQLITE3_TEXT);
$ext = $in[count($in) - 1]; $res = $stmt->execute();
if (($ext == "json") && (strpos($name, "marker_") == 0)) { $row = $res->fetchArray();
$world = substr($name, 7); header('Content-Type: application/json');
$stmt = $db->prepare('SELECT Content from MarkerFiles WHERE FileName=:fn'); if (isset($row[0])) {
$stmt->bindValue(':fn', $world, SQLITE3_TEXT); echo $row[0];
$res = $stmt->execute(); } else {
$row = $res->fetchArray(); echo "{ }";
header('Content-Type: application/json'); }
if (isset($row[0])) { } else {
echo $row[0]; $stmt = $db->prepare('SELECT Image from MarkerIcons WHERE IconName=:in');
} $stmt->bindValue(":in", $name, SQLITE3_TEXT);
else { $res = $stmt->execute();
echo "{ }"; $row = $res->fetchArray();
} if (isset($row[0])) {
} header('Content-Type: image/png');
else { echo $row[0];
$stmt = $db->prepare('SELECT Image from MarkerIcons WHERE IconName=:in'); } else {
$stmt->bindValue(":in", $name, SQLITE3_TEXT); header('Location: ../images/blank.png');
$res = $stmt->execute(); exit;
$row = $res->fetchArray(); }
if (isset($row[0])) { }
header('Content-Type: image/png');
echo $row[0];
}
else {
header('Location: ../images/blank.png');
exit;
}
}
} }
$res->finalize(); $res->finalize();
@ -111,4 +103,3 @@ $db->close();
exit; exit;
?>


@ -1,20 +1,20 @@
<?php <?php
ob_start(); ob_start();
include('dynmap_access.php'); require 'dynmap_access.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$path = $_REQUEST['tile']; $path = $_REQUEST['tile'];
@ -28,52 +28,50 @@ if ((!isset($path)) || strstr($path, "..")) {
$parts = explode("/", $path); $parts = explode("/", $path);
if (count($parts) != 4) { if (count($parts) != 4) {
header('Location: ../images/blank.png'); header('Location: ../images/blank.png');
exit; exit;
} }
$uid = '[' . strtolower($userid) . ']'; $uid = '[' . strtolower($userid) . ']';
$world = $parts[0]; $world = $parts[0];
if(isset($worldaccess[$world])) { if (isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid); $ss = stristr($worldaccess[$world], $uid);
if($ss === false) { if ($ss === false) {
header('Location: ../images/blank.png'); header('Location: ../images/blank.png');
exit; exit;
} }
} }
$variant='STANDARD'; $variant = 'STANDARD';
$prefix = $parts[1]; $prefix = $parts[1];
$plen = strlen($prefix); $plen = strlen($prefix);
if(($plen > 4) && (substr($prefix, $plen - 4) === "_day")) { if (($plen > 4) && (substr($prefix, $plen - 4) === "_day")) {
$prefix = substr($prefix, 0, $plen - 4); $prefix = substr($prefix, 0, $plen - 4);
$variant = 'DAY'; $variant = 'DAY';
} }
$mapid = $world . "." . $prefix; $mapid = $world . "." . $prefix;
if(isset($mapaccess[$mapid])) { if (isset($mapaccess[$mapid])) {
$ss = stristr($mapaccess[$mapid], $uid); $ss = stristr($mapaccess[$mapid], $uid);
if($ss === false) { if ($ss === false) {
header('Location: ../images/blank.png'); header('Location: ../images/blank.png');
exit; exit;
} }
} }
$fparts = explode("_", $parts[3]); $fparts = explode("_", $parts[3]);
if (count($fparts) == 3) { // zoom_x_y if (count($fparts) == 3) { // zoom_x_y
$zoom = strlen($fparts[0]); $zoom = strlen($fparts[0]);
$x = intval($fparts[1]); $x = intval($fparts[1]);
$y = intval($fparts[2]); $y = intval($fparts[2]);
} } elseif (count($fparts) == 2) { // x_y
else if (count($fparts) == 2) { // x_y $zoom = 0;
$zoom = 0; $x = intval($fparts[0]);
$x = intval($fparts[0]); $y = intval($fparts[1]);
$y = intval($fparts[1]); } else {
} header('Location: ../images/blank.png');
else { exit;
header('Location: ../images/blank.png');
exit;
} }
$db = new SQLite3($dbfile, SQLITE3_OPEN_READONLY); $db = new SQLite3($dbfile, SQLITE3_OPEN_READONLY);
@ -88,25 +86,23 @@ $stmt->bindValue(':zoom', $zoom, SQLITE3_INTEGER);
$res = $stmt->execute(); $res = $stmt->execute();
$row = $res->fetchArray(); $row = $res->fetchArray();
if (isset($row[1])) { if (isset($row[1])) {
$format = $row[1]; $format = $row[1];
if ($format == 0) { if ($format == 0) {
header('Content-Type: image/png'); header('Content-Type: image/png');
} } else {
else { header('Content-Type: image/jpeg');
header('Content-Type: image/jpeg'); }
} header('ETag: \'' . $row[2] . '\'');
header('ETag: \'' . $row[2] . '\''); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $row[3] / 1000) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $row[3]/1000) . ' GMT'); if ($row[4] > 0) {
if ($row[4] > 0) { $v = substr($row[0], 0, $row[4]);
$v = substr($row[0], 0, $row[4]); } else {
} else { $v = rtrim($row[0], "\0");
$v = rtrim($row[0], "\0"); }
} header('Content-Length: ' . strlen($v));
header('Content-Length: ' . strlen($v)); echo $v;
echo $v; } else {
} header('Location: ../images/blank.png');
else {
header('Location: ../images/blank.png');
} }
$res->finalize(); $res->finalize();
@ -114,4 +110,3 @@ $stmt->close();
$db->close(); $db->close();
exit; exit;
?>
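Review bot: The `ETag` header is built with single quotes, `header('ETag: \'' . $row[2] . '\'');`, but an entity-tag must be wrapped in double quotes, so caches and browsers may ignore or mishandle it. Since the line is already being reformatted, I would change it to `header('ETag: "' . $row[2] . '"');`. The final `else` branch also sends `Location: ../images/blank.png` without the `exit;` that the other redirect branches use; it works only because nothing is output before the closing `exit;`, which deserves a short comment.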


@ -1,74 +1,65 @@
<?php <?php
ob_start(); ob_start();
include('dynmap_access.php'); require 'dynmap_access.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$lines = file('dynmap_config.php'); $lines = file('dynmap_config.php');
array_shift($lines); array_shift($lines);
array_pop($lines); array_pop($lines);
$json = json_decode(implode(' ',$lines)); $json = json_decode(implode(' ', $lines));
header('Content-type: text/plain; charset=utf-8'); header('Content-type: text/plain; charset=utf-8');
if($json->loginrequired && !$loggedin) { if ($json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }"; echo "{ \"error\": \"login-required\" }";
} else {
$uid = '[' . strtolower($userid) . ']';
$json->loggedin = $loggedin;
$wcnt = count($json->worlds);
for ($i = 0; $i < $wcnt; $i++) {
$w = $json->worlds[$i];
if ($w->protected) {
$ss = stristr($worldaccess[$w->name], $uid);
if ($ss !== false) {
$newworlds[] = $w;
} else {
$w = null;
}
} else {
$newworlds[] = $w;
}
if ($w != null) {
$mcnt = count($w->maps);
$newmaps = array();
for ($j = 0; $j < $mcnt; $j++) {
$m = $w->maps[$j];
if ($m->protected) {
$ss = stristr($mapaccess[$w->name . '.' . $m->prefix], $uid);
if ($ss !== false) {
$newmaps[] = $m;
}
} else {
$newmaps[] = $m;
}
}
$w->maps = $newmaps;
}
}
$json->worlds = $newworlds;
echo json_encode($json);
} }
else {
$uid = '[' . strtolower($userid) . ']';
$json->loggedin = $loggedin;
$wcnt = count($json->worlds);
for($i = 0; $i < $wcnt; $i++) {
$w = $json->worlds[$i];
if($w->protected) {
$ss = stristr($worldaccess[$w->name], $uid);
if($ss !== false) {
$newworlds[] = $w;
}
else {
$w = null;
}
}
else {
$newworlds[] = $w;
}
if($w != null) {
$mcnt = count($w->maps);
$newmaps = array();
for($j = 0; $j < $mcnt; $j++) {
$m = $w->maps[$j];
if($m->protected) {
$ss = stristr($mapaccess[$w->name . '.' . $m->prefix], $uid);
if($ss !== false) {
$newmaps[] = $m;
}
}
else {
$newmaps[] = $m;
}
}
$w->maps = $newmaps;
}
}
$json->worlds = $newworlds;
echo json_encode($json);
}
?>
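Review bot: `$newworlds` is only ever created by the `$newworlds[] = $w;` appends inside the loop, so when every world is protected and the caller matches none of them, `$json->worlds = $newworlds;` reads an undefined variable and the response carries `"worlds":null` along with a PHP warning. Initialise it next to `$wcnt` with `$newworlds = array();`, the same way `$newmaps` is initialised for the inner loop. The lookups `$worldaccess[$w->name]` and `$mapaccess[$w->name . '.' . $m->prefix]` are also made without `isset()`; a protected entry with no access list appears to be denied only because `stristr()` returns false for the missing value, so an explicit `isset()` check that denies would make the fail-closed behaviour deliberate.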


@ -1,78 +1,72 @@
<?php <?php
ob_start(); ob_start();
include('dynmap_login.php'); require 'dynmap_login.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_POST['j_username'])) { if (isset($_POST['j_username'])) {
$userid = $_POST['j_username']; $userid = $_POST['j_username'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$good = false; $good = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
if(isset($_POST['j_password'])) { if (isset($_POST['j_password'])) {
$password = $_POST['j_password']; $password = $_POST['j_password'];
} } else {
else { $password = '';
$password = ''; }
} $ctx = hash_init('sha256');
$ctx = hash_init('sha256'); hash_update($ctx, $pwdsalt);
hash_update($ctx, $pwdsalt); hash_update($ctx, $password);
hash_update($ctx, $password); $hash = hash_final($ctx);
$hash = hash_final($ctx); $useridlc = strtolower($userid);
$useridlc = strtolower($userid); if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) {
if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) { $_SESSION['userid'] = $userid;
$_SESSION['userid'] = $userid; $good = true;
$good = true; } else {
} $_SESSION['userid'] = '-guest-';
else { }
$_SESSION['userid'] = '-guest-'; } else {
} $_SESSION['userid'] = '-guest-';
} $good = true;
else {
$_SESSION['userid'] = '-guest-';
$good = true;
} }
/* Prune pending registrations, if needed */ /* Prune pending registrations, if needed */
$newlines[] = '<?php /*'; $newlines[] = '<?php /*';
if(is_readable('dynmap_reg.php')) if (is_readable('dynmap_reg.php')) {
$lines = file('dynmap_reg.php'); $lines = file('dynmap_reg.php');
else } else {
$lines = array(); $lines = array();
if(!empty($lines)) { }
$cnt = count($lines) - 1; if (!empty($lines)) {
$changed = false; $cnt = count($lines) - 1;
for($i=1; $i < $cnt; $i++) { $changed = false;
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i])); for ($i = 1; $i < $cnt; $i++) {
if($uid == $useridlc) continue; list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
if(array_key_exists($uid, $pendingreg)) { if ($uid == $useridlc) {
$newlines[] = $uid . '=' . $pc . '=' . $hsh; continue;
} }
else { if (array_key_exists($uid, $pendingreg)) {
$changed = true; $newlines[] = $uid . '=' . $pc . '=' . $hsh;
} } else {
} $changed = true;
if($changed) { }
if(count($newlines) < 2) { /* Nothing? */ }
unlink('dynmap_reg.php'); if ($changed) {
} if (count($newlines) < 2) { /* Nothing? */
else { unlink('dynmap_reg.php');
$newlines[] = '*/ ?>'; } else {
file_put_contents('dynmap_reg.php', implode("\n", $newlines)); $newlines[] = '*/ ?>';
} file_put_contents('dynmap_reg.php', implode("\n", $newlines));
} }
}
} }
if($good) { if ($good) {
echo "{ \"result\": \"success\" }"; echo "{ \"result\": \"success\" }";
} else {
echo "{ \"result\": \"loginfailed\" }";
} }
else {
echo "{ \"result\": \"loginfailed\" }";
}
?>
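Review bot: The password check `strcasecmp($hash, $pwdhash[$useridlc]) == 0` is not a constant-time comparison and reads `$pwdhash[$useridlc]` without checking that the account exists. I would write it as `if (isset($pwdhash[$useridlc]) && hash_equals(strtolower($pwdhash[$useridlc]), $hash)) {` and call `session_regenerate_id(true);` just before `$_SESSION['userid'] = $userid;`, so that a session id issued before login is not carried into the authenticated session. The registration script further down this commit has the same pattern (`strcmp($passcode, $pendingreg[$useridlc])` followed by `$_SESSION['userid'] = $userid;`) and should get the same two changes. Separately, `$useridlc` is assigned only inside the non-guest branch but is read by the pruning loop's `$uid == $useridlc`, so it should be set before the `if`.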


@ -1,10 +1,11 @@
<?php <?php
ob_start(); ob_start();
include('dynmap_access.php'); require 'dynmap_access.php';
ob_end_clean(); ob_end_clean();
if(!isset($markerspath)) { if (!isset($markerspath)) {
$markerspath = "../tiles/"; $markerspath = "../tiles/";
} }
//Use this to force specific tiles path, versus using passed value //Use this to force specific tiles path, versus using passed value
@ -12,16 +13,15 @@ if(!isset($markerspath)) {
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$path = $_REQUEST['marker']; $path = $_REQUEST['marker'];
@ -36,7 +36,7 @@ $fname = $markerspath . $path;
$parts = explode("/", $path); $parts = explode("/", $path);
if(($parts[0] != "faces") && ($parts[0] != "_markers_")) { if (($parts[0] != "faces") && ($parts[0] != "_markers_")) {
header('HTTP/1.0 500 Error'); header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>"; echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path; echo "Bad marker: " . $path;
@ -46,26 +46,25 @@ if(($parts[0] != "faces") && ($parts[0] != "_markers_")) {
$uid = '[' . strtolower($userid) . ']'; $uid = '[' . strtolower($userid) . ']';
if (!is_readable($fname)) { if (!is_readable($fname)) {
if(strstr($path, ".jpg") || strstr($path, ".png")) { if (strstr($path, ".jpg") || strstr($path, ".png")) {
$fname = "../images/blank.png"; $fname = "../images/blank.png";
} } else {
else { header('HTTP/1.0 404 Not Found');
header('HTTP/1.0 404 Not Found'); echo "<h1>404 Not Found</h1>";
echo "<h1>404 Not Found</h1>"; echo "Not found: " . $path;
echo "Not found: " . $path; exit();
exit(); }
}
} }
$fp = fopen($fname, 'rb'); $fp = fopen($fname, 'rb');
if (strstr($path, ".png")) if (strstr($path, ".png")) {
header("Content-Type: image/png"); header("Content-Type: image/png");
else if (strstr($path, ".jpg")) } elseif (strstr($path, ".jpg")) {
header("Content-Type: image/jpeg"); header("Content-Type: image/jpeg");
else } else {
header("Content-Type: application/text"); header("Content-Type: application/text");
}
header("Content-Length: " . filesize($fname)); header("Content-Length: " . filesize($fname));
fpassthru($fp); fpassthru($fp);
exit; exit;
?>
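Review bot: Both error branches echo the request parameter into an HTML body unescaped, in `echo "Bad marker: " . $path;` and `echo "Not found: " . $path;`, and `$path` comes straight from `$_REQUEST['marker']`. Escape it at output, e.g. `echo "Bad marker: " . htmlspecialchars($path, ENT_QUOTES, 'UTF-8');` and the same for the 404 branch, or drop the path from the message altogether. The statements between the hunks are not shown here, so any validation applied to `$path` before these lines could not be checked.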


@ -1,38 +1,35 @@
<?php <?php
ob_start(); ob_start();
require('dynmap_login.php'); require 'dynmap_login.php';
ob_end_clean(); ob_end_clean();
session_start(); session_start();
if(isset($_POST['j_password'])) { if (isset($_POST['j_password'])) {
$password = $_POST['j_password']; $password = $_POST['j_password'];
} else {
$password = '';
} }
else { if (isset($_POST['j_verify_password'])) {
$password = ''; $verify = $_POST['j_verify_password'];
} else {
$verify = '';
} }
if(isset($_POST['j_verify_password'])) { if (strcmp($password, $verify)) {
$verify = $_POST['j_verify_password']; echo "{ \"result\": \"verifyfailed\" }";
} return;
else {
$verify = '';
}
if(strcmp($password, $verify)) {
echo "{ \"result\": \"verifyfailed\" }";
return;
} }
if(isset($_POST['j_username'])) { if (isset($_POST['j_username'])) {
$userid = $_POST['j_username']; $userid = $_POST['j_username'];
} else {
$userid = '-guest-';
} }
else { if (isset($_POST['j_passcode'])) {
$userid = '-guest-'; $passcode = $_POST['j_passcode'];
} } else {
if(isset($_POST['j_passcode'])) { $passcode = '';
$passcode = $_POST['j_passcode'];
}
else {
$passcode = '';
} }
$good = false; $good = false;
@ -42,39 +39,38 @@ $_SESSION['userid'] = '-guest-';
$good = false; $good = false;
if(strcmp($useridlc, '-guest-')) { if (strcmp($useridlc, '-guest-')) {
if(isset($pendingreg[$useridlc])) { if (isset($pendingreg[$useridlc])) {
if(!strcmp($passcode, $pendingreg[$useridlc])) { if (!strcmp($passcode, $pendingreg[$useridlc])) {
$ctx = hash_init('sha256'); $ctx = hash_init('sha256');
hash_update($ctx, $pwdsalt); hash_update($ctx, $pwdsalt);
hash_update($ctx, $password); hash_update($ctx, $password);
$hash = hash_final($ctx); $hash = hash_final($ctx);
$_SESSION['userid'] = $userid; $_SESSION['userid'] = $userid;
$good = true; $good = true;
$newlines[] = '<?php /*'; $newlines[] = '<?php /*';
$lines = file('dynmap_reg.php'); $lines = file('dynmap_reg.php');
if(!empty($lines)) { if (!empty($lines)) {
$cnt = count($lines) - 1; $cnt = count($lines) - 1;
for($i=1; $i < $cnt; $i++) { for ($i = 1; $i < $cnt; $i++) {
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i])); list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
if($uid == $useridlc) continue; if ($uid == $useridlc) {
if(array_key_exists($uid, $pendingreg)) { continue;
$newlines[] = $uid . '=' . $pc . '=' . $hsh; }
} if (array_key_exists($uid, $pendingreg)) {
} $newlines[] = $uid . '=' . $pc . '=' . $hsh;
} }
$newlines[] = $useridlc . '=' . $passcode . '=' . $hash; }
$newlines[] = '*/ ?>'; }
file_put_contents('dynmap_reg.php', implode("\n", $newlines)); $newlines[] = $useridlc . '=' . $passcode . '=' . $hash;
} $newlines[] = '*/ ?>';
} file_put_contents('dynmap_reg.php', implode("\n", $newlines));
}
}
} }
if($good) { if ($good) {
echo "{ \"result\": \"success\" }"; echo "{ \"result\": \"success\" }";
} else {
echo "{ \"result\": \"registerfailed\" }";
} }
else {
echo "{ \"result\": \"registerfailed\" }";
}
?>


@ -1,63 +1,58 @@
<?php <?php
session_start(); session_start();
if(is_readable('dynmap_config.json')) { if (is_readable('dynmap_config.json')) {
$config = json_decode(file_get_contents('dynmap_config.json'), true); $config = json_decode(file_get_contents('dynmap_config.json'), true);
$msginterval = $config['webchat-interval']; $msginterval = $config['webchat-interval'];
} } elseif (is_readable('dynmap_config.php')) {
else if(is_readable('dynmap_config.php')) { $lines = file('dynmap_config.php');
$lines = file('dynmap_config.php'); array_shift($lines);
array_shift($lines); array_pop($lines);
array_pop($lines); $config = json_decode(implode(' ', $lines), true);
$config = json_decode(implode(' ',$lines), true); $msginterval = $config['webchat-interval'];
$msginterval = $config['webchat-interval']; } else {
} $msginterval = 2000;
else {
$msginterval = 2000;
} }
if(isset($_SESSION['lastchat'])) if (isset($_SESSION['lastchat'])) {
$lastchat = $_SESSION['lastchat']; $lastchat = $_SESSION['lastchat'];
else } else {
$lastchat = 0; $lastchat = 0;
}
if($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time()) if ($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time()) {
{ $micro = microtime(true);
$micro = microtime(true); $timestamp = round($micro * 1000.0);
$timestamp = round($micro*1000.0);
$data = json_decode(trim(file_get_contents('php://input'))); $data = json_decode(trim(file_get_contents('php://input')));
$data->timestamp = $timestamp; $data->timestamp = $timestamp;
$data->ip = $_SERVER['REMOTE_ADDR']; $data->ip = $_SERVER['REMOTE_ADDR'];
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$uid = $_SESSION['userid']; $uid = $_SESSION['userid'];
if(strcmp($uid, '-guest-')) { if (strcmp($uid, '-guest-')) {
$data->userid = $uid; $data->userid = $uid;
} }
} }
if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$data->ip = $_SERVER['HTTP_X_FORWARDED_FOR']; $data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
if(is_readable('dynmap_webchat.json')) { }
$old_messages = json_decode(file_get_contents('dynmap_webchat.json'), true); if (is_readable('dynmap_webchat.json')) {
} $old_messages = json_decode(file_get_contents('dynmap_webchat.json'), true);
if(!empty($old_messages)) }
{ if (!empty($old_messages)) {
foreach($old_messages as $message) foreach ($old_messages as $message) {
{ if (($timestamp - $config['updaterate'] - 10000) < $message['timestamp']) {
if(($timestamp - $config['updaterate'] - 10000) < $message['timestamp']) $new_messages[] = $message;
$new_messages[] = $message; }
} }
} }
$new_messages[] = $data; $new_messages[] = $data;
file_put_contents('dynmap_webchat.json', json_encode($new_messages)); file_put_contents('dynmap_webchat.json', json_encode($new_messages));
$_SESSION['lastchat'] = time()+$msginterval; $_SESSION['lastchat'] = time() + $msginterval;
echo "{ \"error\" : \"none\" }"; echo "{ \"error\" : \"none\" }";
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat > time()) {
header('HTTP/1.1 403 Forbidden');
} else {
echo "{ \"error\" : \"none\" }";
} }
elseif($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat > time())
{
header('HTTP/1.1 403 Forbidden');
}
else {
echo "{ \"error\" : \"none\" }";
}
?>
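Review bot: The record appended to `dynmap_webchat.json` is the client's decoded JSON body with only `timestamp` and `ip` overwritten, so a guest request keeps whatever `userid` property it supplied; `$data->userid` is replaced only when the session holds a non-guest user. Add `unset($data->userid);` right after the decode, and reject bodies that do not decode to an object with `if (!is_object($data)) { header('HTTP/1.1 400 Bad Request'); exit; }`. `$data->ip` is also taken from `X-Forwarded-For` whenever that header is present, which is client-controlled unless a trusted reverse proxy sets it, so the stored address should not be relied on for moderation without that guarantee. `$config` is undefined when neither config file is readable, yet `$config['updaterate']` is still read in the pruning loop.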


@ -1,10 +1,11 @@
<?php <?php
ob_start(); ob_start();
include('dynmap_access.php'); require 'dynmap_access.php';
ob_end_clean(); ob_end_clean();
if(!isset($tilespath)) { if (!isset($tilespath)) {
$tilespath = "../tiles/"; $tilespath = "../tiles/";
} }
//Use this to force specific tiles path, versus using passed value //Use this to force specific tiles path, versus using passed value
@ -12,16 +13,15 @@ if(!isset($tilespath)) {
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
$path = $_REQUEST['tile']; $path = $_REQUEST['tile'];
@ -40,46 +40,45 @@ $uid = '[' . strtolower($userid) . ']';
$world = $parts[0]; $world = $parts[0];
if(isset($worldaccess[$world])) { if (isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid); $ss = stristr($worldaccess[$world], $uid);
if($ss === false) { if ($ss === false) {
$fname = "../images/blank.png"; $fname = "../images/blank.png";
} }
} }
if(count($parts) > 2) { if (count($parts) > 2) {
$prefix = $parts[1]; $prefix = $parts[1];
$plen = strlen($prefix); $plen = strlen($prefix);
if(($plen > 4) && (substr($prefix, $plen - 4) === "_day")) { if (($plen > 4) && (substr($prefix, $plen - 4) === "_day")) {
$prefix = substr($prefix, 0, $plen - 4); $prefix = substr($prefix, 0, $plen - 4);
} }
$mapid = $world . "." . $prefix; $mapid = $world . "." . $prefix;
if(isset($mapaccess[$mapid])) { if (isset($mapaccess[$mapid])) {
$ss = stristr($mapaccess[$mapid], $uid); $ss = stristr($mapaccess[$mapid], $uid);
if($ss === false) { if ($ss === false) {
$fname = "../images/blank.png"; $fname = "../images/blank.png";
} }
} }
} }
if (!is_readable($fname)) { if (!is_readable($fname)) {
if(strstr($path, ".jpg") || strstr($path, ".png")) { if (strstr($path, ".jpg") || strstr($path, ".png")) {
$fname = "../images/blank.png"; $fname = "../images/blank.png";
} } else {
else { echo "{ \"result\": \"bad-tile\" }";
echo "{ \"result\": \"bad-tile\" }"; exit;
exit; }
}
} }
$fp = fopen($fname, 'rb'); $fp = fopen($fname, 'rb');
if (strstr($path, ".png")) if (strstr($path, ".png")) {
header("Content-Type: image/png"); header("Content-Type: image/png");
else if (strstr($path, ".jpg")) } elseif (strstr($path, ".jpg")) {
header("Content-Type: image/jpeg"); header("Content-Type: image/jpeg");
else } else {
header("Content-Type: application/text"); header("Content-Type: application/text");
}
header("Content-Length: " . filesize($fname)); header("Content-Length: " . filesize($fname));
fpassthru($fp); fpassthru($fp);
exit; exit;
?>
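Review bot: The content type is chosen with `strstr($path, ".png")` and `strstr($path, ".jpg")`, which match the substring anywhere in the request path rather than the file's extension, and everything else is served as `application/text`, which is not a registered media type. I would take the extension once with `$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));` and branch on that; if only images are expected under `$tilespath`, other extensions could get the existing `bad-tile` response. When access is denied, `$fname` is switched to `../images/blank.png` but the header is still derived from `$path`, so a `.jpg` request gets PNG bytes labelled `image/jpeg`. The marker handler earlier in this commit ends with the same block.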


@ -1,102 +1,95 @@
<?php <?php
ob_start(); ob_start();
include('dynmap_access.php'); require 'dynmap_access.php';
ob_end_clean(); ob_end_clean();
$world = $_REQUEST['world']; $world = $_REQUEST['world'];
session_start(); session_start();
if(isset($_SESSION['userid'])) { if (isset($_SESSION['userid'])) {
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
} } else {
else { $userid = '-guest-';
$userid = '-guest-';
} }
$loggedin = false; $loggedin = false;
if(strcmp($userid, '-guest-')) { if (strcmp($userid, '-guest-')) {
$loggedin = true; $loggedin = true;
} }
header('Content-type: text/plain; charset=utf-8'); header('Content-type: text/plain; charset=utf-8');
if(strpos($world, '/') || strpos($world, '\\')) { if (strpos($world, '/') || strpos($world, '\\')) {
echo "{ \"error\": \"invalid-world\" }"; echo "{ \"error\": \"invalid-world\" }";
return; return;
} }
if(isset($webpath)) if (isset($webpath)) {
$fname = $webpath . '/standalone/updates_' . $world . '.php'; $fname = $webpath . '/standalone/updates_' . $world . '.php';
else } else {
$fname = 'updates_' . $world . '.php'; $fname = 'updates_' . $world . '.php';
}
if(!is_readable($fname)) { if (!is_readable($fname)) {
header('HTTP/1.0 404 Not Found'); header('HTTP/1.0 404 Not Found');
return; return;
} }
$useridlc = strtolower($userid); $useridlc = strtolower($userid);
$uid = '[' . $useridlc . ']'; $uid = '[' . $useridlc . ']';
if(isset($worldaccess[$world])) { if (isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid); $ss = stristr($worldaccess[$world], $uid);
if($ss === false) { if ($ss === false) {
echo "{ \"error\": \"access-denied\" }"; echo "{ \"error\": \"access-denied\" }";
return; return;
} }
} }
$lines = file($fname); $lines = file($fname);
if(!$lines) { if (!$lines) {
header('HTTP/1.0 404 Not Found'); header('HTTP/1.0 404 Not Found');
return; return;
} }
array_shift($lines); array_shift($lines);
array_pop($lines); array_pop($lines);
$json = json_decode(implode(' ',$lines)); $json = json_decode(implode(' ', $lines));
if(isset($json->loginrequired) && $json->loginrequired && !$loggedin) { if (isset($json->loginrequired) && $json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }"; echo "{ \"error\": \"login-required\" }";
} else {
$json->loggedin = $loggedin;
if (isset($json->protected) && $json->protected) {
$ss = stristr($seeallmarkers, $uid);
if ($ss === false) {
if (isset($playervisible[$useridlc])) {
$plist = $playervisible[$useridlc];
$pcnt = count($json->players);
for ($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if (!stristr($plist, '[' . $p->account . ']')) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
} else {
$pcnt = count($json->players);
for ($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if (strcasecmp($userid, $p->account) != 0) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
}
}
}
echo json_encode($json);
} }
else {
$json->loggedin = $loggedin;
if (isset($json->protected) && $json->protected) {
$ss = stristr($seeallmarkers, $uid);
if($ss === false) {
if(isset($playervisible[$useridlc])) {
$plist = $playervisible[$useridlc];
$pcnt = count($json->players);
for($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if(!stristr($plist, '[' . $p->account . ']')) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
}
else {
$pcnt = count($json->players);
for($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if(strcasecmp($userid, $p->account) != 0) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
}
}
}
echo json_encode($json);
}
?>
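Review bot: The separator check `if (strpos($world, '/') || strpos($world, '\\'))` treats a match at offset 0 as "not found", because `strpos()` returns `0` there and `0` is falsy, so a `world` value beginning with `/` or `\` passes the check. Compare against `false` explicitly: `if (strpos($world, '/') !== false || strpos($world, '\\') !== false) {`. `$world` is read from `$_REQUEST['world']` without an `isset()` check and is then used to build `$fname`, so a missing parameter should be rejected with the same `invalid-world` response.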


@ -1,6 +1,6 @@
<?php <?php
define ('HOSTNAME', 'http://localhost:8123/up/'); define('HOSTNAME', 'http://localhost:8123/up/');
session_start(); session_start();
@ -12,52 +12,50 @@ $valid_url_regex = '/.*/';
// ############################################################################ // ############################################################################
$path = $_GET['path']; $path = $_GET['path'];
$url = HOSTNAME.$path; $url = HOSTNAME . $path;
$ch = curl_init( $url ); $ch = curl_init($url);
$client_headers = array(); $client_headers = array();
$client_headers[] = 'X-Forwarded-For: '.$_SERVER['REMOTE_ADDR']; $client_headers[] = 'X-Forwarded-For: ' . $_SERVER['REMOTE_ADDR'];
curl_setopt($ch, CURLOPT_HTTPHEADER, $client_headers); curl_setopt($ch, CURLOPT_HTTPHEADER, $client_headers);
if ( strtolower($_SERVER['REQUEST_METHOD']) == 'post' ) { if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
$postText = trim(file_get_contents('php://input')); $postText = trim(file_get_contents('php://input'));
curl_setopt( $ch, CURLOPT_POST, true ); curl_setopt($ch, CURLOPT_POST, true);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $postText ); curl_setopt($ch, CURLOPT_POSTFIELDS, $postText);
} }
$cookie = array(); $cookie = array();
foreach ( $_COOKIE as $key => $value ) { foreach ($_COOKIE as $key => $value) {
$cookie[] = $key . '=' . $value; $cookie[] = $key . '=' . $value;
} }
$cookie[] = SID; $cookie[] = SID;
$cookie = implode( '; ', $cookie ); $cookie = implode('; ', $cookie);
curl_setopt( $ch, CURLOPT_COOKIE, $cookie ); curl_setopt($ch, CURLOPT_COOKIE, $cookie);
//curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true ); //curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt( $ch, CURLOPT_HEADER, true ); curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true ); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt( $ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT'] ); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
list( $header, $contents ) = preg_split( '/([\r\n][\r\n])\\1/', curl_exec( $ch ), 2 ); list($header, $contents) = preg_split('/([\r\n][\r\n])\\1/', curl_exec($ch), 2);
$status = curl_getinfo( $ch ); $status = curl_getinfo($ch);
curl_close( $ch ); curl_close($ch);
// Split header text into an array. // Split header text into an array.
$header_text = preg_split( '/[\r\n]+/', $header ); $header_text = preg_split('/[\r\n]+/', $header);
// Propagate headers to response. // Propagate headers to response.
foreach ( $header_text as $header ) { foreach ($header_text as $header) {
if ( preg_match( '/^(?:Content-Type|Content-Language|Set-Cookie):/i', $header ) ) { if (preg_match('/^(?:Content-Type|Content-Language|Set-Cookie):/i', $header)) {
header( $header ); header($header);
} }
} }
print $contents; print $contents;
?>
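Review bot: `$path` from `$_GET['path']` is appended to `HOSTNAME` with no validation in the visible lines, and the hunk context shows `$valid_url_regex = '/.*/'`, which accepts anything if that is what guards this request. Constrain the path before building `$url`, for example `if (strpos($path, '..') !== false || !preg_match('#^[A-Za-z0-9_./-]*$#', $path)) { header('HTTP/1.1 400 Bad Request'); exit; }`, so the proxy stays within the `/up/` prefix. The result of `curl_exec($ch)` is passed straight to `preg_split()`; when the backend is unreachable it is `false` and the `list()` assignment has nothing to unpack, so check it first and answer with a 502. Every request cookie plus `SID` is forwarded and upstream `Set-Cookie` headers are relayed back, which is worth a comment stating that it is intended.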