Door System/unlock.php


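<?php
//
// Metalab Keks (Keymembers exclusive Key System)
// - unlock.php
// This file lets the endpoint (pos) find out whether the user behind a
// token is allowed to access the metalab.
//
// Input : request parameter `token`
// Output: exactly one of
//   TRUE          - user has permission "0" (full access)
//   TEMP          - user has permission "1" and an unused one-time ticket;
//                   the ticket is consumed by this request
//   FALSE         - unknown token, no permission, used ticket or DB error
//   No Token Set  - the parameter is missing altogether
// Every decision is appended to door_timeline.
//
// The full `<?php` open tag is used on purpose: with short_open_tag disabled
// a bare `<?` would make the server send this source as plain text.
//
// NOTE(review): $time is only written to the timeline; nothing here checks
// a time window, although the original header spoke of access "at the
// given time" - confirm whether that check lives elsewhere.
// NOTE(review): the mysql_* extension is unmaintained and was removed in
// PHP 7. The connection is presumably opened by config.php; move both
// files to PDO/mysqli prepared statements together.
// NOTE(review): $_REQUEST also reads the query string and cookies, so a
// token sent via GET ends up in web-server logs - confirm the endpoint
// can send it in a POST body.
//
include 'config.php';
$time = time();

if (!isset($_REQUEST['token'])) {
	//you are going down
	die("No Token Set");
}

// Only a non-empty string can be a token. `token[]=x` arrives as an array,
// and an empty string must never be compared against a missing row.
$rawToken = $_REQUEST['token'];
if (!is_string($rawToken) || $rawToken === '') {
	mysql_query("INSERT INTO door_timeline SET who='', action='fail', timestamp='$time'");
	die("FALSE");
}
$token = mysql_real_escape_string($rawToken);

$sqlt2u  = mysql_query("SELECT * FROM door_users WHERE token = '$token'");
// A failed query returns false; treat that like "no such user" (fail closed).
$sqlt2uq = $sqlt2u ? mysql_fetch_array($sqlt2u) : false;

// Require a real row and a byte-exact match. The SQL comparison may be
// case-insensitive depending on the column collation, and a loose `==`
// would treat numeric-looking strings such as "1e3" and "1000" as equal.
if (!is_array($sqlt2uq) || (string) $sqlt2uq['token'] !== $rawToken) {
	//unkn0wn user is not allowed to log in
	// NOTE(review): this stores the presented token in the timeline; a
	// mistyped token is close to a valid one - consider logging a hash.
	mysql_query("INSERT INTO door_timeline SET who='$token', action='fail', timestamp='$time'");
	die("FALSE");
}

// The username comes from the database but is still data, not SQL: escape it
// before it is interpolated into the following statements.
$user = mysql_real_escape_string((string) $sqlt2uq['username']);

//welcome known user, lets see if you got any permissions
$sqlu2a     = mysql_query("SELECT * FROM door_acl WHERE username = '$user'");
$sqlu2aq    = $sqlu2a ? mysql_fetch_array($sqlu2a) : false;
$permission = is_array($sqlu2aq) ? (string) $sqlu2aq['permission'] : null;

if ($permission === "0") {
	//you got full access
	echo "TRUE";
	mysql_query("INSERT INTO door_timeline SET who='$user', action='unlock', timestamp='$time'");
} elseif ($permission === "1") {
	//you got partial access
	$sqlu2e  = mysql_query("SELECT * FROM door_expires WHERE username = '$user'");
	$sqlu2eq = $sqlu2e ? mysql_fetch_array($sqlu2e) : false;
	$ticketAlive = is_array($sqlu2eq) && (string) $sqlu2eq['dead'] === "FALSE";

	if ($ticketAlive) {
		//kill the ticket - the user is only allowed to ride once
		// The UPDATE itself is the gate: it only matches a ticket that is
		// still alive, so of two simultaneous requests only one changes a
		// row. A separate SELECT-then-UPDATE would let both through.
		// mysql_affected_rows() is -1 on error, which also denies.
		mysql_query("UPDATE door_expires SET `dead` = 'TRUE' WHERE username = '$user' AND `dead` = 'FALSE';");
		$ticketAlive = mysql_affected_rows() > 0;
	}

	if ($ticketAlive) {
		echo "TEMP";
		mysql_query("INSERT INTO door_timeline SET who='$user', action='unlock_once', timestamp='$time'");
	} else {
		echo "FALSE";
		mysql_query("INSERT INTO door_timeline SET who='$user', action='fail_once', timestamp='$time'");
	}
} else {
	//you have no access
	echo "FALSE";
	// NOTE(review): the token is valid at this point, so this writes a
	// working credential into the timeline; logging $user instead would
	// avoid that - kept as-is in case other pages read this column.
	mysql_query("INSERT INTO door_timeline SET who='$token', action='fail', timestamp='$time'");
}
die();
?>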