Door System/unlock.php: Unterschied zwischen den Versionen

aus Metalab, dem offenen Zentrum für meta-disziplinäre Magier und technisch-kreative Enthusiasten.
Wechseln zu: Navigation, Suche
(Die Seite wurde neu angelegt: <pre> - will be here soon - </pre>)
 
 
Zeile 1: Zeile 1:
 
<pre>
 
<pre>
- will be here soon -
+
 
 +
<?
 +
//
 +
// Metalab Keks (Keymembers exclusive Key System)
 +
// - unlock.php
 +
// this file allows the endpoint(pos) to figure out if a
 +
// certain user is allowed to access the metalab at the
 +
// given time
 +
//
 +
include 'config.php';
 +
$time = time();
 +
 
 +
if (isset($_REQUEST['token'])){
 +
$token = mysql_real_escape_string($_REQUEST['token']);
 +
}else{
 +
//you are going down
 +
die("No Token Set");
 +
}
 +
$sqlt2u  = mysql_query("SELECT * FROM door_users WHERE token = '$token'");
 +
$sqlt2uq = mysql_fetch_array($sqlt2u);
 +
$user =  $sqlt2uq['username'];
 +
if ($_REQUEST['token'] == $sqlt2uq['token']){
 +
//welcome known user, lets see if you got any permissions
 +
$sqlu2a  = mysql_query("SELECT * FROM door_acl WHERE username = '$user'");
 +
$sqlu2aq = mysql_fetch_array($sqlu2a);
 +
if ($sqlu2aq['permission'] == "0"){
 +
//you got full acess
 +
echo "TRUE";
 +
mysql_query("INSERT INTO door_timeline SET who='$user', action='unlock', timestamp='$time'");
 +
}elseif($sqlu2aq['permission'] == "1"){
 +
//you got partial access
 +
$sqlu2e  = mysql_query("SELECT * FROM door_expires WHERE username = '$user'");
 +
        $sqlu2eq = mysql_fetch_array($sqlu2e);
 +
if($sqlu2eq['dead'] == "FALSE"){
 +
echo "TEMP";
 +
mysql_query("INSERT INTO door_timeline SET who='$user', action='unlock_once', timestamp='$time'");
 +
//kill the ticket - the user is only allowed to ride once
 +
mysql_query("UPDATE door_expires SET `dead` = 'TRUE' WHERE username = '$user';");
 +
}else{
 +
echo "FALSE";
 +
mysql_query("INSERT INTO door_timeline SET who='$user', action='fail_once', timestamp='$time'");
 +
}
 +
}else{
 +
//you have no access
 +
echo "FALSE";
 +
mysql_query("INSERT INTO door_timeline SET who='$token', action='fail', timestamp='$time'");
 +
}
 +
die();
 +
}else{
 +
//unkn0wn user is not allowed to log in
 +
mysql_query("INSERT INTO door_timeline SET who='$token', action='fail', timestamp='$time'");
 +
die("FALSE");
 +
}
 +
?>
 +
 
  
 
</pre>
 
</pre>

Aktuelle Version vom 18. April 2008, 19:13 Uhr


<?
//
// Metalab Keks (Keymembers exclusive Key System)
// - unlock.php
// this file allows the endpoint(pos) to figure out if a
// certain user is allowed to access the metalab at the 
// given time 
//
include 'config.php';
$time = time();

if (isset($_REQUEST['token'])){
	$token = mysql_real_escape_string($_REQUEST['token']);
}else{
	//you are going down
	die("No Token Set");	
}
$sqlt2u  = mysql_query("SELECT * FROM door_users WHERE token = '$token'");
$sqlt2uq = mysql_fetch_array($sqlt2u);
$user =  $sqlt2uq['username'];
if ($_REQUEST['token'] == $sqlt2uq['token']){
	//welcome known user, lets see if you got any permissions
	$sqlu2a  = mysql_query("SELECT * FROM door_acl WHERE username = '$user'");
	$sqlu2aq = mysql_fetch_array($sqlu2a);
	if ($sqlu2aq['permission'] == "0"){
		//you got full acess
		echo "TRUE";
		mysql_query("INSERT INTO door_timeline SET who='$user', action='unlock', timestamp='$time'");
	}elseif($sqlu2aq['permission'] == "1"){
		//you got partial access
		 $sqlu2e  = mysql_query("SELECT * FROM door_expires WHERE username = '$user'");
        	 $sqlu2eq = mysql_fetch_array($sqlu2e);		
		 if($sqlu2eq['dead'] == "FALSE"){
			echo "TEMP";
			mysql_query("INSERT INTO door_timeline SET who='$user', action='unlock_once', timestamp='$time'");
			//kill the ticket - the user is only allowed to ride once
			mysql_query("UPDATE door_expires SET `dead` = 'TRUE' WHERE username = '$user';");
		}else{
			echo "FALSE";
			mysql_query("INSERT INTO door_timeline SET who='$user', action='fail_once', timestamp='$time'");
		}
	}else{
		//you have no access
		echo "FALSE";
		mysql_query("INSERT INTO door_timeline SET who='$token', action='fail', timestamp='$time'");
	}
	die();
}else{
	//unkn0wn user is not allowed to log in
	mysql_query("INSERT INTO door_timeline SET who='$token', action='fail', timestamp='$time'");
	die("FALSE");
}
?>