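<?php
//
// Metalab Keks (Keymembers exclusive Key System)
// - unlock.php
// Lets the door endpoint (pos) ask whether the holder of a token is
// allowed to access the Metalab at the given time.
//
// Replies with exactly one of:
//   TRUE         - door_acl.permission is 0 (full access)
//   TEMP         - door_acl.permission is 1 and the one-time ticket in
//                  door_expires was still alive; the ticket is consumed
//   FALSE        - unknown token, no permission, or ticket already used
//   No Token Set - the request carried no token parameter at all
// Every decision is appended to door_timeline.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7.
// Moving to mysqli/PDO prepared statements also needs a change in
// config.php, which presumably opens the connection - confirm.
// NOTE(review): $_REQUEST also accepts the token from the query string,
// where it tends to end up in web server access logs. Prefer a POST body
// over TLS if the endpoint can be changed.
//
include 'config.php';

$time = time();

if (!isset($_REQUEST['token'])) {
    //you are going down
    die("No Token Set");
}

// A request like token[]=x yields an array. Treat anything that is not a
// string as an empty (and therefore unknown) token instead of handing it
// to the escaping function.
$rawToken = is_string($_REQUEST['token']) ? $_REQUEST['token'] : '';
$token = mysql_real_escape_string($rawToken);

// Never look up an empty token: fail closed before touching door_users.
$userRow = false;
if ($rawToken !== '') {
    $userResult = mysql_query("SELECT * FROM door_users WHERE token = '$token'");
    if ($userResult) {
        $userRow = mysql_fetch_array($userResult);
    }
}

// Strict comparison on purpose: with == a missing row (NULL) compares equal
// to an empty token, and numeric-looking strings compare by value
// ("1e3" == "1000"), so a token could match without being identical.
if (is_array($userRow) && $userRow['token'] === $rawToken) {
    //welcome known user, lets see if you got any permissions

    // The username comes from the database, but it is still interpolated
    // into SQL below, so escape it to rule out second-order injection.
    $user = mysql_real_escape_string($userRow['username']);

    $aclResult = mysql_query("SELECT * FROM door_acl WHERE username = '$user'");
    $aclRow = $aclResult ? mysql_fetch_array($aclResult) : false;
    // No ACL row (or a failed query) means no permission at all.
    $permission = is_array($aclRow) ? (string) $aclRow['permission'] : null;

    if ($permission === "0") {
        //you got full access
        echo "TRUE";
        mysql_query("INSERT INTO door_timeline SET who='$user', action='unlock', timestamp='$time'");
    } elseif ($permission === "1") {
        //you got partial access
        //kill the ticket - the user is only allowed to ride once.
        // Check and consume in ONE statement: a separate SELECT followed by
        // an UPDATE lets two simultaneous requests both see a live ticket
        // and both receive TEMP. Only the request whose UPDATE actually
        // flips the row is granted access.
        // NOTE(review): assumes one door_expires row per username - confirm.
        $consumed = mysql_query("UPDATE door_expires SET `dead` = 'TRUE' WHERE username = '$user' AND `dead` = 'FALSE'");
        if ($consumed && mysql_affected_rows() > 0) {
            echo "TEMP";
            mysql_query("INSERT INTO door_timeline SET who='$user', action='unlock_once', timestamp='$time'");
        } else {
            echo "FALSE";
            mysql_query("INSERT INTO door_timeline SET who='$user', action='fail_once', timestamp='$time'");
        }
    } else {
        //you have no access
        echo "FALSE";
        // Log the username, not the token: the token belongs to a real
        // account here and would become a usable credential sitting in the
        // timeline table as soon as that account is granted access.
        mysql_query("INSERT INTO door_timeline SET who='$user', action='fail', timestamp='$time'");
    }
    die();
} else {
    //unkn0wn user is not allowed to log in
    mysql_query("INSERT INTO door_timeline SET who='$token', action='fail', timestamp='$time'");
    die("FALSE");
}
?>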