Initial commit

2021-02-02 17:22:50 -06:00
commit 6e3d44f26e
628 changed files with 51125 additions and 0 deletions


@@ -0,0 +1,8 @@
<?php
require_once('MySQL_funcs.php');
if ($loginenabled) {
$rslt = getStandaloneFile('dynmap_access.php');
eval($rslt);
}
?>
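Review bot: `eval($rslt)` executes whatever text is stored in the StandaloneFiles row named 'dynmap_access.php', so anyone who can write that table gets PHP execution in the web server, and the row is selected by a `serverid` that getStandaloneFile() reads from `$_REQUEST`. Storing the access lists as data and reading them with `json_decode($rslt, true)` would remove the code-execution path; if eval has to stay, take the server id from configuration rather than from the request. `$loginenabled` is not defined in this file and presumably comes from the including script's config. The same pattern appears in the getlogin script (`eval` of 'dynmap_login.php') and in both PostgreSQL counterparts later in this commit.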


@@ -0,0 +1,78 @@
<?php
ob_start();
require_once('MySQL_funcs.php');
include('MySQL_config.php');
include('MySQL_access.php');
ob_end_clean();
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$content = getStandaloneFile('dynmap_config.json');
header('Content-type: application/json; charset=utf-8');
$json = json_decode($content);
if (!$loginenabled) {
echo $content;
}
else if($json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }";
}
else {
$uid = '[' . strtolower($userid) . ']';
$json->loggedin = $loggedin;
$wcnt = count($json->worlds);
$newworlds = array();
for($i = 0; $i < $wcnt; $i++) {
$w = $json->worlds[$i];
if($w->protected) {
$ss = stristr($worldaccess[$w->name], $uid);
if($ss !== false) {
$newworlds[] = $w;
}
else {
$w = null;
}
}
else {
$newworlds[] = $w;
}
if($w != null) {
$mcnt = count($w->maps);
$newmaps = array();
for($j = 0; $j < $mcnt; $j++) {
$m = $w->maps[$j];
if($m->protected) {
$ss = stristr($mapaccess[$w->name . '.' . $m->prefix], $uid);
if($ss !== false) {
$newmaps[] = $m;
}
}
else {
$newmaps[] = $m;
}
}
$w->maps = $newmaps;
}
}
$json->worlds = $newworlds;
echo json_encode($json);
}
cleanupDb();
?>
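Review bot: Neither `$content` nor the result of `json_decode($content)` is checked before `$json->loginrequired` and `$json->worlds` are dereferenced, and getStandaloneFile() returns NULL when the row is missing. Add an early exit such as `if ($json === null) { abortDb('Error reading configuration'); }` right after the decode, so a missing or corrupt row produces a clean error instead of warnings or a fatal. The lookups `$worldaccess[$w->name]` and `$mapaccess[...]` also assume a key exists for every protected entry; an `isset()` test with deny as the default keeps the filter fail-closed without notices. The PostgreSQL copy of this script further down has the same code.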


@@ -0,0 +1,115 @@
<?php
function cleanupDb() {
if (isset($db)) {
$db->close();
$db = NULL;
}
}
function abortDb($errormsg) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo $errormsg;
cleanupDb();
exit;
}
function initDbIfNeeded() {
global $db, $dbhost, $dbuserid, $dbpassword, $dbname, $dbport;
$pos = strpos($dbname, '?');
if ($pos) {
$dbname = substr($dbname, 0, $pos);
}
if (!$db) {
$db = mysqli_connect('p:' . $dbhost, $dbuserid, $dbpassword, $dbname, $dbport);
if (mysqli_connect_errno()) {
abortDb("Error opening database");
}
}
}
function getStandaloneFileByServerId($fname, $sid) {
global $db, $dbprefix;
initDbIfNeeded();
$stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'StandaloneFiles WHERE FileName=? AND ServerID=?');
$stmt->bind_param('si', $fname, $sid);
$res = $stmt->execute();
$stmt->store_result();
$stmt->bind_result($content);
if ($stmt->fetch()) {
$rslt = $content;
}
else {
$rslt = NULL;
}
$stmt->close();
return $rslt;
}
function getStandaloneFile($fname) {
global $serverid;
if (!isset($serverid)) {
$serverid = 0;
if(isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid'];
}
}
return getStandaloneFileByServerId($fname, $serverid);
}
function updateStandaloneFileByServerId($fname, $sid, $content) {
global $db, $dbprefix;
initDbIfNeeded();
$stmt = $db->prepare('UPDATE ' . $dbprefix . 'StandaloneFiles SET Content=? WHERE FileName=? AND ServerID=?');
$stmt->bind_param('ssi', $content, $fname, $sid);
$res = $stmt->execute();
$stmt->close();
if (!$res) {
$res = insertStandaloneFileByServerId($fname, $sid, $content);
}
return $res;
}
function updateStandaloneFile($fname, $content) {
global $serverid;
if (!isset($serverid)) {
$serverid = 0;
if(isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid'];
}
}
return updateStandaloneFileByServerId($fname, $serverid, $content);
}
function insertStandaloneFileByServerId($fname, $sid, $content) {
global $db, $dbprefix;
initDbIfNeeded();
$stmt = $db->prepare('INSERT INTO ' . $dbprefix . 'StandaloneFiles (Content,FileName,ServerID) VALUES (?,?,?);');
$stmt->bind_param('ssi', $content, $fname, $sid);
$res = $stmt->execute();
$stmt->close();
return $res;
}
function insertStandaloneFile($fname, $content) {
global $serverid;
if (!isset($serverid)) {
$serverid = 0;
if(isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid'];
}
}
return insertStandaloneFileByServerId($fname, $serverid, $content);
}
?>
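Review bot: cleanupDb() tests `isset($db)` without declaring `global $db;`, so inside the function `$db` is always an unset local and the connection is never closed; add `global $db;` as its first line. In updateStandaloneFileByServerId() the insert fallback only runs when execute() fails, but an UPDATE that matches no row still succeeds, so a missing row is never created. Checking `$stmt->affected_rows` before closing would cover that, bearing in mind that mysqli reports 0 when the row exists with identical content. The `prepare()` results are also used without checking for `false`, and the PostgreSQL version of cleanupDb() has the same scoping problem.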


@@ -0,0 +1,8 @@
<?php
require_once('MySQL_funcs.php');
if ($loginenabled) {
$rslt = getStandaloneFile("dynmap_login.php");
eval($rslt);
}
?>


@@ -0,0 +1,75 @@
<?php
ob_start();
require_once('MySQL_funcs.php');
include('MySQL_config.php');
include('MySQL_getlogin.php');
ob_end_clean();
session_start();
if(isset($_POST['j_username'])) {
$userid = $_POST['j_username'];
}
else {
$userid = '-guest-';
}
$good = false;
if(strcmp($userid, '-guest-')) {
if(isset($_POST['j_password'])) {
$password = $_POST['j_password'];
}
else {
$password = '';
}
$ctx = hash_init('sha256');
hash_update($ctx, $pwdsalt);
hash_update($ctx, $password);
$hash = hash_final($ctx);
$useridlc = strtolower($userid);
if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) {
$_SESSION['userid'] = $userid;
$good = true;
}
else {
$_SESSION['userid'] = '-guest-';
}
}
else {
$_SESSION['userid'] = '-guest-';
$good = true;
}
$content = getStandaloneFile('dynmap_reg.php');
/* Prune pending registrations, if needed */
$lines = explode('\n', $content);
$newlines[] = array();
if(!empty($lines)) {
$cnt = count($lines) - 1;
$changed = false;
for($i=1; $i < $cnt; $i++) {
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
if($uid == $useridlc) continue;
if(array_key_exists($uid, $pendingreg)) {
$newlines[] = $uid . '=' . $pc . '=' . $hsh;
}
else {
$changed = true;
}
}
if($changed) {
updateStandaloneFile('dynmap_reg.php', implode("\n", $newlines));
}
}
if($good) {
echo "{ \"result\": \"success\" }";
}
else {
echo "{ \"result\": \"loginfailed\" }";
}
cleanupDb();
?>
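Review bot: The successful-login branch sets `$_SESSION['userid'] = $userid;` without issuing a new session id, so a session id that existed before authentication stays valid afterwards; call `session_regenerate_id(true);` just before that assignment. The digest comparison `strcasecmp($hash, $pwdhash[$useridlc])` is not constant-time and reads an unset key for unknown users; `hash_equals(strtolower((string)($pwdhash[$useridlc] ?? '')), $hash)` handles both. A single salted SHA-256 round is cheap to brute-force offline if the stored hashes leak, though changing it presumably requires changing whatever writes `$pwdhash` as well. The PostgreSQL login script later in the commit is identical in these respects.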


@@ -0,0 +1,113 @@
<?php
ob_start();
require_once('MySQL_funcs.php');
include('MySQL_config.php');
include('MySQL_access.php');
ob_end_clean();
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
$parts = explode("/", $path);
if(($parts[0] != "faces") && ($parts[0] != "_markers_")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
initDbIfNeeded();
if ($parts[0] == "faces") {
if (count($parts) != 3) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad face: " . $path;
cleanupDb();
exit();
}
$ft = 0;
if ($parts[1] == "8x8") {
$ft = 0;
}
else if ($parts[1] == '16x16') {
$ft = 1;
}
else if ($parts[1] == '32x32') {
$ft = 2;
}
else if ($parts[1] == 'body') {
$ft = 3;
}
$pn = explode(".", $parts[2]);
$stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'Faces WHERE PlayerName=? AND TypeID=?');
$stmt->bind_param('si', $pn[0], $ft);
$res = $stmt->execute();
$stmt->bind_result($timage);
if ($stmt->fetch()) {
header('Content-Type: image/png');
echo $timage;
}
else {
header('Location: ../images/blank.png');
}
}
else { // _markers_
$in = explode(".", $parts[1]);
$name = implode(".", array_slice($in, 0, count($in) - 1));
$ext = $in[count($in) - 1];
if (($ext == "json") && (strpos($name, "marker_") == 0)) {
$world = substr($name, 7);
$stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'MarkerFiles WHERE FileName=?');
$stmt->bind_param('s', $world);
$res = $stmt->execute();
$stmt->bind_result($timage);
header('Content-Type: application/json');
if ($stmt->fetch()) {
echo $timage;
}
else {
echo "{ }";
}
}
else {
$stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'MarkerIcons WHERE IconName=?');
$stmt->bind_param('s', $name);
$res = $stmt->execute();
$stmt->bind_result($timage);
if ($stmt->fetch()) {
header('Content-Type: image/png');
echo $timage;
}
else {
header('Location: ../images/blank.png');
}
}
}
$stmt->close();
cleanupDb();
exit;
?>
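Review bot: The error paths print the request value straight into an HTML response (`echo "Bad marker: " . $path;` and `echo "Bad face: " . $path;`), which reflects markup from the `marker` parameter back to the browser. Escape it, e.g. `echo 'Bad marker: ' . htmlspecialchars((string)$path, ENT_QUOTES, 'UTF-8');`, or omit the value, and answer bad input with a 400 status rather than 500. Separately, `strpos($name, "marker_") == 0` is also true when strpos() returns false, so every `.json` name takes the marker-file branch; it should be `=== 0`. The same echo appears in the tile scripts and in the PostgreSQL and SQLite variants of this file.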


@@ -0,0 +1,94 @@
<?php
ob_start();
require_once('MySQL_funcs.php');
include('MySQL_config.php');
require('MySQL_getlogin.php');
ob_end_clean();
session_start();
if(isset($_POST['j_password'])) {
$password = $_POST['j_password'];
}
else {
$password = '';
}
if(isset($_POST['j_verify_password'])) {
$verify = $_POST['j_verify_password'];
}
else {
$verify = '';
}
if(strcmp($password, $verify)) {
echo "{ \"result\": \"verifyfailed\" }";
return;
}
if(isset($_POST['j_username'])) {
$userid = $_POST['j_username'];
}
else {
$userid = '-guest-';
}
if(isset($_POST['j_passcode'])) {
$passcode = $_POST['j_passcode'];
}
else {
$passcode = '';
}
$good = false;
$useridlc = strtolower($userid);
$_SESSION['userid'] = '-guest-';
$good = false;
if(strcmp($useridlc, '-guest-')) {
if(isset($pendingreg[$useridlc])) {
if(!strcmp($passcode, $pendingreg[$useridlc])) {
$ctx = hash_init('sha256');
hash_update($ctx, $pwdsalt);
hash_update($ctx, $password);
$hash = hash_final($ctx);
$_SESSION['userid'] = $userid;
$good = true;
$newlines[] = array();
$content = getStandaloneFile('dynmap_reg.php');
if (isset($content)) {
$lines = explode('\n', $content);
$isnew = false;
}
else {
$lines = array();
$isnew = true;
}
if(!empty($lines)) {
$cnt = count($lines) - 1;
for($i=1; $i < $cnt; $i++) {
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
if($uid == $useridlc) continue;
if(array_key_exists($uid, $pendingreg)) {
$newlines[] = $uid . '=' . $pc . '=' . $hsh;
}
}
}
$newlines[] = $useridlc . '=' . $passcode . '=' . $hash;
if ($isnew) {
insertStandaloneFile('dynmap_reg.php', implode("\n", $newlines));
}
else {
updateStandaloneFile('dynmap_reg.php', implode("\n", $newlines));
}
}
}
}
if($good) {
echo "{ \"result\": \"success\" }";
}
else {
echo "{ \"result\": \"registerfailed\" }";
}
cleanupDb();
?>
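Review bot: The passcode check `!strcmp($passcode, $pendingreg[$useridlc])` treats anything other than a non-zero integer result as a match, and the POST fields are never verified to be strings; on PHP versions before 8, strcmp() returns NULL with a warning for a non-string argument, which this test accepts. Require `is_string($passcode)` and compare with `hash_equals($pendingreg[$useridlc], $passcode)`. Further down, `explode('\n', $content)` uses single quotes and so never splits on newlines, and `$newlines[] = array();` pushes an empty array instead of initialising the list. They should be `explode("\n", $content)` and `$newlines = array();`, otherwise existing pending entries appear to be dropped when the file is rewritten. The pruning block in the login scripts has the same two lines.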


@@ -0,0 +1,75 @@
<?php
ob_start();
require_once('MySQL_funcs.php');
include('MySQL_config.php');
ob_end_clean();
session_start();
$content = getStandaloneFile('dynmap_config.json');
if (isset($content)) {
$config = json_decode($content, true);
$msginterval = $config['webchat-interval'];
}
else {
$msginterval = 2000;
}
if(isset($_SESSION['lastchat']))
$lastchat = $_SESSION['lastchat'];
else
$lastchat = 0;
if($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time())
{
$micro = microtime(true);
$timestamp = round($micro*1000.0);
$data = json_decode(trim(file_get_contents('php://input')));
$data->timestamp = $timestamp;
$data->ip = $_SERVER['REMOTE_ADDR'];
if(isset($_SESSION['userid'])) {
$uid = $_SESSION['userid'];
if(strcmp($uid, '-guest-')) {
$data->userid = $uid;
}
}
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$content = getStandaloneFile('dynmap_webchat.json');
$gotold = false;
if (isset($content)) {
$old_messages = json_decode($content, true);
$gotold = true;
}
if(!empty($old_messages))
{
foreach($old_messages as $message)
{
if(($timestamp - $config['updaterate'] - 10000) < $message['timestamp'])
$new_messages[] = $message;
}
}
$new_messages[] = $data;
if ($gotold) {
updateStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
else {
insertStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
$_SESSION['lastchat'] = time()+$msginterval;
echo "{ \"error\" : \"none\" }";
}
elseif($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat > time())
{
header('HTTP/1.1 403 Forbidden');
}
else {
echo "{ \"error\" : \"none\" }";
}
cleanupDb();
?>
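Review bot: The decoded request body is stored as-is apart from `timestamp` and `ip`, so for a guest session any `userid` field the client put in the JSON survives into dynmap_webchat.json; add `unset($data->userid);` before the session check, and reject the request when `json_decode()` does not return an object. `HTTP_X_FORWARDED_FOR` is client-supplied and unconditionally replaces `REMOTE_ADDR`, so the recorded address is only meaningful if a trusted proxy overwrites that header. `$config` is undefined when the configuration row is missing, yet `$config['updaterate']` is read in the pruning loop, and `time()+$msginterval` adds what looks like a millisecond interval (default 2000) to a value in seconds. The PostgreSQL sendmessage script is the same code.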


@@ -0,0 +1,109 @@
<?php
ob_start();
require_once('MySQL_funcs.php');
include('MySQL_config.php');
include('MySQL_access.php');
ob_end_clean();
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
$parts = explode("/", $path);
if (count($parts) != 4) {
header('Location: ../images/blank.png');
cleanupDb();
exit;
}
$uid = '[' . strtolower($userid) . ']';
$world = $parts[0];
if(isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid);
if($ss === false) {
header('Location: ../images/blank.png');
cleanupDb();
exit;
}
}
$variant='STANDARD';
$prefix = $parts[1];
$plen = strlen($prefix);
if(($plen > 4) && (substr($prefix, $plen - 4) === "_day")) {
$prefix = substr($prefix, 0, $plen - 4);
$variant = 'DAY';
}
$mapid = $world . "." . $prefix;
if(isset($mapaccess[$mapid])) {
$ss = stristr($mapaccess[$mapid], $uid);
if($ss === false) {
header('Location: ../images/blank.png');
cleanupDb();
exit;
}
}
$fparts = explode("_", $parts[3]);
if (count($fparts) == 3) { // zoom_x_y
$zoom = strlen($fparts[0]);
$x = intval($fparts[1]);
$y = intval($fparts[2]);
}
else if (count($fparts) == 2) { // x_y
$zoom = 0;
$x = intval($fparts[0]);
$y = intval($fparts[1]);
}
else {
header('Location: ../images/blank.png');
cleanupDb();
exit;
}
initDbIfNeeded();
$stmt = $db->prepare('SELECT t.Image,t.Format,t.HashCode,t.LastUpdate FROM ' . $dbprefix . 'Maps m JOIN ' . $dbprefix . 'Tiles t WHERE m.WorldID=? AND m.MapID=? AND m.Variant=? AND m.ID=t.MapID AND t.x=? AND t.y=? and t.zoom=?');
$stmt->bind_param('sssiii', $world, $prefix, $variant, $x, $y, $zoom);
$res = $stmt->execute();
$stmt->bind_result($timage, $format, $thash, $tlast);
if ($stmt->fetch()) {
if ($format == 0) {
header('Content-Type: image/png');
}
else {
header('Content-Type: image/jpeg');
}
header('ETag: \'' . $thash . '\'');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tlast/1000) . ' GMT');
echo $timage;
}
else {
header('Location: ../images/blank.png');
}
$stmt->close();
cleanupDb();
exit;
?>
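Review bot: The access checks only run when `$worldaccess[$world]` or `$mapaccess[$mapid]` exists for the exact string taken from the request, while the row is then selected by `m.WorldID=?` and `m.MapID=?` in the database. If those columns use a case-insensitive collation (not visible here, but common as a MySQL default), the PHP lookup and the SQL match can disagree about which world a request names, so the access entry for a protected world may be missed while its tile row is still found. Consider also selecting `m.WorldID` and `m.MapID` and applying the `$worldaccess`/`$mapaccess` checks to the values the database returned before sending the image. The `ETag` header is emitted with single quotes, whereas HTTP entity tags are double-quoted: `header('ETag: "' . $thash . '"');`.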


@@ -0,0 +1,107 @@
<?php
ob_start();
require_once('MySQL_funcs.php');
include('MySQL_config.php');
include('MySQL_access.php');
ob_end_clean();
$world = $_REQUEST['world'];
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
header('Content-type: application/json; charset=utf-8');
if(strpos($world, '/') || strpos($world, '\\')) {
echo "{ \"error\": \"invalid-world\" }";
return;
}
if ($loginenabled)
$fname = 'updates_' . $world . '.php';
else
$fname = 'updates_' . $world . '.json';
$useridlc = strtolower($userid);
$uid = '[' . $useridlc . ']';
if(isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid);
if($ss === false) {
echo "{ \"error\": \"access-denied\" }";
return;
}
}
$serverid = 0;
if(isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid'];
}
$content = getStandaloneFile('dynmap_' . $world . '.json');
if (!isset($content)) {
header('HTTP/1.0 503 Database Unavailable');
echo "<h1>503 Database Unavailable</h1>";
echo 'Error reading database - ' . $fname . ' #' . $serverid;
cleanupDb();
exit;
}
if (!$loginenabled) {
echo $content;
}
else if(isset($json->loginrequired) && $json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }";
}
else {
$json = json_decode($content);
$json->loggedin = $loggedin;
if (isset($json->protected) && $json->protected) {
$ss = stristr($seeallmarkers, $uid);
if($ss === false) {
if(isset($playervisible[$useridlc])) {
$plist = $playervisible[$useridlc];
$pcnt = count($json->players);
for($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if(!stristr($plist, '[' . $p->account . ']')) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
}
else {
$pcnt = count($json->players);
for($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if(strcasecmp($userid, $p->account) != 0) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
}
}
}
echo json_encode($json);
}
cleanupDb();
?>
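Review bot: The branch `else if(isset($json->loginrequired) && $json->loginrequired && !$loggedin)` is evaluated before `$json` is assigned, because the `json_decode($content)` sits inside the final `else`; unless an included file defines `$json`, the login-required response can never be produced here. Move `$json = json_decode($content);` above the `if (!$loginenabled)` test and handle a null result. The world-name check `strpos($world, '/') || strpos($world, '\\')` misses a separator at offset 0 because strpos() returns 0 there; compare with `!== false`, and guard `$_REQUEST['world']` with `isset()`. The 503 path echoes `$fname`, which contains the request's world name, and the PostgreSQL update script has the same ordering.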


@@ -0,0 +1,9 @@
<?php
require_once('PostgreSQL_funcs.php');
if ($loginenabled) {
$rslt = getStandaloneFile('dynmap_access.php');
var_dump($rslt);
eval($rslt);
}
?>
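Review bot: `var_dump($rslt);` looks like leftover debugging: it prints the full access-control script fetched from the database, and it stays out of responses only because the callers visible in this commit include this file between `ob_start()` and `ob_end_clean()`. Drop the line so the content cannot reach a client through a caller that does not buffer. The `eval($rslt)` that follows executes database content as PHP, so write access to the StandaloneFiles table amounts to code execution on the web server; parsing the access lists as data would avoid that.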


@@ -0,0 +1,78 @@
<?php
ob_start();
require_once('PostgreSQL_funcs.php');
include('PostgreSQL_config.php');
include('PostgreSQL_access.php');
ob_end_clean();
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$content = getStandaloneFile('dynmap_config.json');
header('Content-type: application/json; charset=utf-8');
$json = json_decode($content);
if (!$loginenabled) {
echo $content;
}
else if($json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }";
}
else {
$uid = '[' . strtolower($userid) . ']';
$json->loggedin = $loggedin;
$wcnt = count($json->worlds);
$newworlds = array();
for($i = 0; $i < $wcnt; $i++) {
$w = $json->worlds[$i];
if($w->protected) {
$ss = stristr($worldaccess[$w->name], $uid);
if($ss !== false) {
$newworlds[] = $w;
}
else {
$w = null;
}
}
else {
$newworlds[] = $w;
}
if($w != null) {
$mcnt = count($w->maps);
$newmaps = array();
for($j = 0; $j < $mcnt; $j++) {
$m = $w->maps[$j];
if($m->protected) {
$ss = stristr($mapaccess[$w->name . '.' . $m->prefix], $uid);
if($ss !== false) {
$newmaps[] = $m;
}
}
else {
$newmaps[] = $m;
}
}
$w->maps = $newmaps;
}
}
$json->worlds = $newworlds;
echo json_encode($json);
}
cleanupDb();
?>


@@ -0,0 +1,116 @@
<?php
function cleanupDb() {
if (isset($db)) {
$db->close();
$db = NULL;
}
}
function abortDb($errormsg) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo $errormsg;
cleanupDb();
exit;
}
function initDbIfNeeded() {
global $db, $dbhost, $dbuserid, $dbpassword, $dbname, $dbport;
$pos = strpos($dbname, '?');
if ($pos) {
$dbname = substr($dbname, 0, $pos);
}
if (!$db) {
$db = new PDO("pgsql:host=$dbhost;port=$dbport;dbname=$dbname", $dbuserid , $dbpassword, array(PDO::ATTR_PERSISTENT => true));
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (!$db) {
abortDb("Error opening database");
}
}
}
function getStandaloneFileByServerId($fname, $sid) {
global $db, $dbprefix;
initDbIfNeeded();
$stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'StandaloneFiles WHERE FileName=:fname AND ServerID=:sid');
$stmt->bindParam(':fname', $fname, PDO::PARAM_STR);
$stmt->bindParam(':sid', $sid, PDO::PARAM_INT);
$res = $stmt->execute();
$content = $stmt->fetch(PDO::FETCH_BOTH);
if ($res && $content) {
$rslt = stream_get_contents($content[0]); //stupid streams...
}
else {
$rslt = NULL;
}
$stmt->closeCursor();
return $rslt;
}
function getStandaloneFile($fname) {
global $serverid;
if (!isset($serverid)) {
$serverid = 0;
if(isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid'];
}
}
return getStandaloneFileByServerId($fname, $serverid);
}
function updateStandaloneFileByServerId($fname, $sid, $content) {
global $db, $dbprefix;
initDbIfNeeded();
$stmt = $db->prepare('UPDATE ' . $dbprefix . 'StandaloneFiles SET Content=? WHERE FileName=? AND ServerID=?');
$stmt->bind_param('ssi', $content, $fname, $sid);
$res = $stmt->execute();
$stmt->close();
if (!$res) {
$res = insertStandaloneFileByServerId($fname, $sid, $content);
}
return $res;
}
function updateStandaloneFile($fname, $content) {
global $serverid;
if (!isset($serverid)) {
$serverid = 0;
if(isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid'];
}
}
return updateStandaloneFileByServerId($fname, $serverid, $content);
}
function insertStandaloneFileByServerId($fname, $sid, $content) {
global $db, $dbprefix;
initDbIfNeeded();
$stmt = $db->prepare('INSERT INTO ' . $dbprefix . 'StandaloneFiles (Content,FileName,ServerID) VALUES (?,?,?);');
$res = $stmt->execute(array($content, $fname, $sid));
$stmt->close();
return $res;
}
function insertStandaloneFile($fname, $content) {
global $serverid;
if (!isset($serverid)) {
$serverid = 0;
if(isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid'];
}
}
return insertStandaloneFileByServerId($fname, $serverid, $content);
}
?>
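Review bot: updateStandaloneFileByServerId() calls `$stmt->bind_param('ssi', ...)` and `$stmt->close()`, and insertStandaloneFileByServerId() calls `$stmt->close()`, but `$db` is a PDO handle here and PDOStatement has neither method, so every write path ends in a fatal error. Use `$res = $stmt->execute(array($content, $fname, $sid));` followed by `$stmt->closeCursor();`, as the read function in this file already does. With `ERRMODE_EXCEPTION` a failed statement throws rather than returning false, so the `if (!$res)` insert fallback cannot trigger, and `new PDO` throws on connection failure so the `if (!$db)` check after it is dead; catch `PDOException` or check `$stmt->rowCount()` instead. cleanupDb() also lacks `global $db;`, so it never sees the connection.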


@@ -0,0 +1,8 @@
<?php
require_once('PostgreSQL_funcs.php');
if ($loginenabled) {
$rslt = getStandaloneFile("dynmap_login.php");
eval($rslt);
}
?>


@@ -0,0 +1,75 @@
<?php
ob_start();
require_once('PostgreSQL_funcs.php');
include('PostgreSQL_config.php');
include('PostgreSQL_getlogin.php');
ob_end_clean();
session_start();
if(isset($_POST['j_username'])) {
$userid = $_POST['j_username'];
}
else {
$userid = '-guest-';
}
$good = false;
if(strcmp($userid, '-guest-')) {
if(isset($_POST['j_password'])) {
$password = $_POST['j_password'];
}
else {
$password = '';
}
$ctx = hash_init('sha256');
hash_update($ctx, $pwdsalt);
hash_update($ctx, $password);
$hash = hash_final($ctx);
$useridlc = strtolower($userid);
if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) {
$_SESSION['userid'] = $userid;
$good = true;
}
else {
$_SESSION['userid'] = '-guest-';
}
}
else {
$_SESSION['userid'] = '-guest-';
$good = true;
}
$content = getStandaloneFile('dynmap_reg.php');
/* Prune pending registrations, if needed */
$lines = explode('\n', $content);
$newlines[] = array();
if(!empty($lines)) {
$cnt = count($lines) - 1;
$changed = false;
for($i=1; $i < $cnt; $i++) {
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
if($uid == $useridlc) continue;
if(array_key_exists($uid, $pendingreg)) {
$newlines[] = $uid . '=' . $pc . '=' . $hsh;
}
else {
$changed = true;
}
}
if($changed) {
updateStandaloneFile('dynmap_reg.php', implode("\n", $newlines));
}
}
if($good) {
echo "{ \"result\": \"success\" }";
}
else {
echo "{ \"result\": \"loginfailed\" }";
}
cleanupDb();
?>


@@ -0,0 +1,110 @@
<?php
ob_start();
require_once('PostgreSQL_funcs.php');
include('PostgreSQL_config.php');
include('PostgreSQL_access.php');
ob_end_clean();
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
$parts = explode("/", $path);
if(($parts[0] != "faces") && ($parts[0] != "_markers_")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
initDbIfNeeded();
if ($parts[0] == "faces") {
if (count($parts) != 3) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad face: " . $path;
cleanupDb();
exit();
}
$ft = 0;
if ($parts[1] == "8x8") {
$ft = 0;
}
else if ($parts[1] == '16x16') {
$ft = 1;
}
else if ($parts[1] == '32x32') {
$ft = 2;
}
else if ($parts[1] == 'body') {
$ft = 3;
}
$pn = explode(".", $parts[2]);
$stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'Faces WHERE PlayerName=? AND TypeID=?');
$res = $stmt->execute(array($pn[0], $ft));
$timage = $stmt->fetch();
if ($res && $timage) {
header('Content-Type: image/png');
echo stream_get_contents($timage[0]);
}
else {
header('Location: ../images/blank.png');
}
}
else { // _markers_
$in = explode(".", $parts[1]);
$name = implode(".", array_slice($in, 0, count($in) - 1));
$ext = $in[count($in) - 1];
if (($ext == "json") && (strpos($name, "marker_") == 0)) {
$world = substr($name, 7);
$stmt = $db->prepare('SELECT Content from ' . $dbprefix . 'MarkerFiles WHERE FileName=?');
$res = $stmt->execute(array($world));
$timage = $stmt->fetch();
header('Content-Type: application/json');
if ($res && $timage) {
echo stream_get_contents($timage[0]); //PDO returns arrays, even for single colums, and bytea is returned as stream.
}
else {
echo "{ }";
}
}
else {
$stmt = $db->prepare('SELECT Image from ' . $dbprefix . 'MarkerIcons WHERE IconName=?');
$res = $stmt->execute(array($name));
$timage = $stmt->fetch();
if ($res && $timage) {
header('Content-Type: image/png');
echo stream_get_contents($timage[0]);
}
else {
header('Location: ../images/blank.png');
}
}
}
$stmt->closeCursor();
cleanupDb();
exit;
?>


@@ -0,0 +1,75 @@
<?php
ob_start();
require_once('PostgreSQL_funcs.php');
include('PostgreSQL_config.php');
ob_end_clean();
session_start();
$content = getStandaloneFile('dynmap_config.json');
if (isset($content)) {
$config = json_decode($content, true);
$msginterval = $config['webchat-interval'];
}
else {
$msginterval = 2000;
}
if(isset($_SESSION['lastchat']))
$lastchat = $_SESSION['lastchat'];
else
$lastchat = 0;
if($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time())
{
$micro = microtime(true);
$timestamp = round($micro*1000.0);
$data = json_decode(trim(file_get_contents('php://input')));
$data->timestamp = $timestamp;
$data->ip = $_SERVER['REMOTE_ADDR'];
if(isset($_SESSION['userid'])) {
$uid = $_SESSION['userid'];
if(strcmp($uid, '-guest-')) {
$data->userid = $uid;
}
}
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$content = getStandaloneFile('dynmap_webchat.json');
$gotold = false;
if (isset($content)) {
$old_messages = json_decode($content, true);
$gotold = true;
}
if(!empty($old_messages))
{
foreach($old_messages as $message)
{
if(($timestamp - $config['updaterate'] - 10000) < $message['timestamp'])
$new_messages[] = $message;
}
}
$new_messages[] = $data;
if ($gotold) {
updateStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
else {
insertStandaloneFile('dynmap_webchat.json', json_encode($new_messages));
}
$_SESSION['lastchat'] = time()+$msginterval;
echo "{ \"error\" : \"none\" }";
}
elseif($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat > time())
{
header('HTTP/1.1 403 Forbidden');
}
else {
echo "{ \"error\" : \"none\" }";
}
cleanupDb();
?>


@@ -0,0 +1,114 @@
<?php
ob_start();
require_once('PostgreSQL_funcs.php');
include('PostgreSQL_config.php');
include('PostgreSQL_access.php');
ob_end_clean();
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad tile: " . $path;
exit();
}
$parts = explode("/", $path);
if (count($parts) != 4) {
header('Location: ../images/blank.png');
cleanupDb();
exit;
}
$uid = '[' . strtolower($userid) . ']';
$world = $parts[0];
if(isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid);
if($ss === false) {
header('Location: ../images/blank.png');
cleanupDb();
exit;
}
}
$variant='STANDARD';
$prefix = $parts[1];
$plen = strlen($prefix);
if(($plen > 4) && (substr($prefix, $plen - 4) === "_day")) {
$prefix = substr($prefix, 0, $plen - 4);
$variant = 'DAY';
}
$mapid = $world . "." . $prefix;
if(isset($mapaccess[$mapid])) {
$ss = stristr($mapaccess[$mapid], $uid);
if($ss === false) {
header('Location: ../images/blank.png');
cleanupDb();
exit;
}
}
$fparts = explode("_", $parts[3]);
if (count($fparts) == 3) { // zoom_x_y
$zoom = strlen($fparts[0]);
$x = intval($fparts[1]);
$y = intval($fparts[2]);
}
else if (count($fparts) == 2) { // x_y
$zoom = 0;
$x = intval($fparts[0]);
$y = intval($fparts[1]);
}
else {
header('Location: ../images/blank.png');
cleanupDb();
exit;
}
initDbIfNeeded();
$stmt = $db->prepare('SELECT t.Image,t.Format,t.HashCode,t.LastUpdate FROM ' . $dbprefix . 'Maps m JOIN ' . $dbprefix . 'Tiles t ON m.ID=t.MapID WHERE m.WorldID=? AND m.MapID=? AND m.Variant=? AND t.x=? AND t.y=? and t.zoom=?');
$stmt->bindParam(1,$world, PDO::PARAM_STR);
$stmt->bindParam(2,$prefix, PDO::PARAM_STR);
$stmt->bindParam(3,$variant, PDO::PARAM_STR);
$stmt->bindParam(4,$x, PDO::PARAM_INT);
$stmt->bindParam(5,$y, PDO::PARAM_INT);
$stmt->bindParam(6,$zoom, PDO::PARAM_INT);
$res = $stmt->execute();
list($timage, $format, $thash, $tlast) = $stmt->fetch();
if ($res && $timage) {
if ($format == 0) {
header('Content-Type: image/png');
}
else {
header('Content-Type: image/jpeg');
}
header('ETag: \'' . $thash . '\'');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tlast/1000) . ' GMT');
echo stream_get_contents($timage);
}
else {
header('Location: ../images/blank.png');
}
$stmt->closeCursor();
cleanupDb();
exit;
?>


@@ -0,0 +1,107 @@
<?php
ob_start();
require_once('PostgreSQL_funcs.php');
include('PostgreSQL_config.php');
include('PostgreSQL_access.php');
ob_end_clean();
$world = $_REQUEST['world'];
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
header('Content-type: application/json; charset=utf-8');
if(strpos($world, '/') || strpos($world, '\\') || empty($world)) {
echo "{ \"error\": \"invalid-world\" }";
return;
}
if ($loginenabled)
$fname = 'updates_' . $world . '.php';
else
$fname = 'updates_' . $world . '.json';
$useridlc = strtolower($userid);
$uid = '[' . $useridlc . ']';
if(isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid);
if($ss === false) {
echo "{ \"error\": \"access-denied\" }";
return;
}
}
$serverid = 0;
if(isset($_REQUEST['serverid'])) {
$serverid = $_REQUEST['serverid'];
}
$content = getStandaloneFile('dynmap_' . $world . '.json');
if (!isset($content)) {
header('HTTP/1.0 503 Database Unavailable');
echo "<h1>503 Database Unavailable</h1>";
echo 'Error reading database - ' . $fname . ' #' . $serverid;
cleanupDb();
exit;
}
if (!$loginenabled) {
echo $content;
}
else if(isset($json->loginrequired) && $json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }";
}
else {
$json = json_decode($content);
$json->loggedin = $loggedin;
if (isset($json->protected) && $json->protected) {
$ss = stristr($seeallmarkers, $uid);
if($ss === false) {
if(isset($playervisible[$useridlc])) {
$plist = $playervisible[$useridlc];
$pcnt = count($json->players);
for($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if(!stristr($plist, '[' . $p->account . ']')) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
}
else {
$pcnt = count($json->players);
for($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if(strcasecmp($userid, $p->account) != 0) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
}
}
}
echo json_encode($json);
}
cleanupDb();
?>


@@ -0,0 +1,114 @@
<?php
ob_start();
include('dynmap_access.php');
ob_end_clean();
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
$parts = explode("/", $path);
if(($parts[0] != "faces") && ($parts[0] != "_markers_")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
$db = new SQLite3($dbfile, SQLITE3_OPEN_READONLY);
if ($parts[0] == "faces") {
if (count($parts) != 3) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad face: " . $path;
exit();
}
$ft = 0;
if ($parts[1] == "8x8") {
$ft = 0;
}
else if ($parts[1] == '16x16') {
$ft = 1;
}
else if ($parts[1] == '32x32') {
$ft = 2;
}
else if ($parts[1] == 'body') {
$ft = 3;
}
$pn = explode(".", $parts[2]);
$stmt = $db->prepare('SELECT Image from Faces WHERE PlayerName=:pn AND TypeID=:ft');
$stmt->bindValue(":pn", $pn[0], SQLITE3_TEXT);
$stmt->bindValue(":ft", $ft, SQLITE3_INTEGER);
$res = $stmt->execute();
$row = $res->fetchArray();
if (isset($row[0])) {
header('Content-Type: image/png');
echo $row[0];
}
else {
header('Location: ../images/blank.png');
exit;
}
}
else { // _markers_
$in = explode(".", $parts[1]);
$name = implode(".", array_slice($in, 0, count($in) - 1));
$ext = $in[count($in) - 1];
if (($ext == "json") && (strpos($name, "marker_") == 0)) {
$world = substr($name, 7);
$stmt = $db->prepare('SELECT Content from MarkerFiles WHERE FileName=:fn');
$stmt->bindValue(':fn', $world, SQLITE3_TEXT);
$res = $stmt->execute();
$row = $res->fetchArray();
header('Content-Type: application/json');
if (isset($row[0])) {
echo $row[0];
}
else {
echo "{ }";
}
}
else {
$stmt = $db->prepare('SELECT Image from MarkerIcons WHERE IconName=:in');
$stmt->bindValue(":in", $name, SQLITE3_TEXT);
$res = $stmt->execute();
$row = $res->fetchArray();
if (isset($row[0])) {
header('Content-Type: image/png');
echo $row[0];
}
else {
header('Location: ../images/blank.png');
exit;
}
}
}
$res->finalize();
$stmt->close();
$db->close();
exit;
?>


@@ -0,0 +1,117 @@
<?php
ob_start();
include('dynmap_access.php');
ob_end_clean();
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
$parts = explode("/", $path);
if (count($parts) != 4) {
header('Location: ../images/blank.png');
exit;
}
$uid = '[' . strtolower($userid) . ']';
$world = $parts[0];
if(isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid);
if($ss === false) {
header('Location: ../images/blank.png');
exit;
}
}
$variant='STANDARD';
$prefix = $parts[1];
$plen = strlen($prefix);
if(($plen > 4) && (substr($prefix, $plen - 4) === "_day")) {
$prefix = substr($prefix, 0, $plen - 4);
$variant = 'DAY';
}
$mapid = $world . "." . $prefix;
if(isset($mapaccess[$mapid])) {
$ss = stristr($mapaccess[$mapid], $uid);
if($ss === false) {
header('Location: ../images/blank.png');
exit;
}
}
$fparts = explode("_", $parts[3]);
if (count($fparts) == 3) { // zoom_x_y
$zoom = strlen($fparts[0]);
$x = intval($fparts[1]);
$y = intval($fparts[2]);
}
else if (count($fparts) == 2) { // x_y
$zoom = 0;
$x = intval($fparts[0]);
$y = intval($fparts[1]);
}
else {
header('Location: ../images/blank.png');
exit;
}
$db = new SQLite3($dbfile, SQLITE3_OPEN_READONLY);
$stmt = $db->prepare('SELECT Tiles.Image,Tiles.Format,Tiles.HashCode,Tiles.LastUpdate,Tiles.ImageLen FROM Maps JOIN Tiles WHERE Maps.WorldID=:wid AND Maps.MapID=:mapid AND Maps.Variant=:var AND Maps.ID=Tiles.MapID AND Tiles.x=:x AND Tiles.y=:y and Tiles.zoom=:zoom');
$stmt->bindValue(':wid', $world, SQLITE3_TEXT);
$stmt->bindValue(':mapid', $prefix, SQLITE3_TEXT);
$stmt->bindValue(':var', $variant, SQLITE3_TEXT);
$stmt->bindValue(':x', $x, SQLITE3_INTEGER);
$stmt->bindValue(':y', $y, SQLITE3_INTEGER);
$stmt->bindValue(':zoom', $zoom, SQLITE3_INTEGER);
$res = $stmt->execute();
$row = $res->fetchArray();
if (isset($row[1])) {
$format = $row[1];
if ($format == 0) {
header('Content-Type: image/png');
}
else {
header('Content-Type: image/jpeg');
}
header('ETag: \'' . $row[2] . '\'');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $row[3]/1000) . ' GMT');
if ($row[4] > 0) {
$v = substr($row[0], 0, $row[4]);
} else {
$v = rtrim($row[0], "\0");
}
header('Content-Length: ' . strlen($v));
echo $v;
}
else {
header('Location: ../images/blank.png');
}
$res->finalize();
$stmt->close();
$db->close();
exit;
?>
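Review bot: The error branch right after `$path = $_REQUEST['tile'];` echoes the request value back unescaped (`echo "Bad marker: " . $path;`) while the response still has the default HTML content type, so the parameter is reflected into markup. Escape it or leave it out of the message, e.g. `echo "Bad tile: " . htmlspecialchars((string)$path, ENT_QUOTES, 'UTF-8');`, and reject non-string values with `is_string($path)` before calling `strstr`. The same unescaped echo appears in the "Bad marker" and "Not found" branches of the file-based marker script and in the "Bad marker" branch of the file-based tile script further down this page. A 400 status would describe a malformed request better than 500.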


@@ -0,0 +1,74 @@
<?php
ob_start();
include('dynmap_access.php');
ob_end_clean();
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$lines = file('dynmap_config.php');
array_shift($lines);
array_pop($lines);
$json = json_decode(implode(' ',$lines));
header('Content-type: text/plain; charset=utf-8');
if($json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }";
}
else {
$uid = '[' . strtolower($userid) . ']';
$json->loggedin = $loggedin;
$wcnt = count($json->worlds);
for($i = 0; $i < $wcnt; $i++) {
$w = $json->worlds[$i];
if($w->protected) {
$ss = stristr($worldaccess[$w->name], $uid);
if($ss !== false) {
$newworlds[] = $w;
}
else {
$w = null;
}
}
else {
$newworlds[] = $w;
}
if($w != null) {
$mcnt = count($w->maps);
$newmaps = array();
for($j = 0; $j < $mcnt; $j++) {
$m = $w->maps[$j];
if($m->protected) {
$ss = stristr($mapaccess[$w->name . '.' . $m->prefix], $uid);
if($ss !== false) {
$newmaps[] = $m;
}
}
else {
$newmaps[] = $m;
}
}
$w->maps = $newmaps;
}
}
$json->worlds = $newworlds;
echo json_encode($json);
}
?>
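Review bot: `$newworlds` is never initialised before the world loop, so when every world is filtered out (or `worlds` is empty) the assignment `$json->worlds = $newworlds;` reads an undefined variable and the client receives `"worlds": null` instead of an empty list. Add `$newworlds = array();` before the `for($i = 0; $i < $wcnt; $i++)` loop, the same way `$newmaps` is reset for each world. Separately, `$worldaccess[$w->name]` and `$mapaccess[$w->name . '.' . $m->prefix]` are indexed without an `isset` test; a protected entry with no access list still fails closed because `stristr` returns false, but an explicit `isset(...) &&` would make that intent visible and avoid the notice.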


@@ -0,0 +1,78 @@
<?php
ob_start();
include('dynmap_login.php');
ob_end_clean();
session_start();
if(isset($_POST['j_username'])) {
$userid = $_POST['j_username'];
}
else {
$userid = '-guest-';
}
$good = false;
if(strcmp($userid, '-guest-')) {
if(isset($_POST['j_password'])) {
$password = $_POST['j_password'];
}
else {
$password = '';
}
$ctx = hash_init('sha256');
hash_update($ctx, $pwdsalt);
hash_update($ctx, $password);
$hash = hash_final($ctx);
$useridlc = strtolower($userid);
if (strcasecmp($hash, $pwdhash[$useridlc]) == 0) {
$_SESSION['userid'] = $userid;
$good = true;
}
else {
$_SESSION['userid'] = '-guest-';
}
}
else {
$_SESSION['userid'] = '-guest-';
$good = true;
}
/* Prune pending registrations, if needed */
$newlines[] = '<?php /*';
if(is_readable('dynmap_reg.php'))
$lines = file('dynmap_reg.php');
else
$lines = array();
if(!empty($lines)) {
$cnt = count($lines) - 1;
$changed = false;
for($i=1; $i < $cnt; $i++) {
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
if($uid == $useridlc) continue;
if(array_key_exists($uid, $pendingreg)) {
$newlines[] = $uid . '=' . $pc . '=' . $hsh;
}
else {
$changed = true;
}
}
if($changed) {
if(count($newlines) < 2) { /* Nothing? */
unlink('dynmap_reg.php');
}
else {
$newlines[] = '*/ ?>';
file_put_contents('dynmap_reg.php', implode("\n", $newlines));
}
}
}
if($good) {
echo "{ \"result\": \"success\" }";
}
else {
echo "{ \"result\": \"loginfailed\" }";
}
?>
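Review bot: On a successful login (`$_SESSION['userid'] = $userid;`) the session identifier is kept, so an identifier issued before authentication remains valid afterwards; call `session_regenerate_id(true);` immediately before that assignment. The credential check uses `strcasecmp($hash, $pwdhash[$useridlc])`, which is not constant-time and indexes `$pwdhash` without checking that the user exists; `if (isset($pwdhash[$useridlc]) && hash_equals(strtolower($pwdhash[$useridlc]), $hash))` covers both. `$useridlc` is assigned only inside the non-guest branch yet is read in the pruning loop (`if($uid == $useridlc) continue;`), so it should be set before the branch. A single salted SHA-256 is a fast hash; if the stored format can be changed (it appears to be produced outside this file), `password_hash`/`password_verify` would be the better target.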


@@ -0,0 +1,71 @@
<?php
ob_start();
include('dynmap_access.php');
ob_end_clean();
if(!isset($markerspath)) {
$markerspath = "../tiles/";
}
//Use this to force specific tiles path, versus using passed value
//$markerspath = 'my-tiles-path';
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
$fname = $markerspath . $path;
$parts = explode("/", $path);
if(($parts[0] != "faces") && ($parts[0] != "_markers_")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
$uid = '[' . strtolower($userid) . ']';
if (!is_readable($fname)) {
if(strstr($path, ".jpg") || strstr($path, ".png")) {
$fname = "../images/blank.png";
}
else {
header('HTTP/1.0 404 Not Found');
echo "<h1>404 Not Found</h1>";
echo "Not found: " . $path;
exit();
}
}
$fp = fopen($fname, 'rb');
if (strstr($path, ".png"))
header("Content-Type: image/png");
else if (strstr($path, ".jpg"))
header("Content-Type: image/jpeg");
else
header("Content-Type: application/text");
header("Content-Length: " . filesize($fname));
fpassthru($fp);
exit;
?>
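Review bot: `$uid` is computed but never used, and nothing is looked up in `$worldaccess` before `fopen($fname, 'rb')`, so a `_markers_/marker_<world>.json` file is served to any requester even when the tile scripts on this page would deny that world. If marker data for protected worlds is meant to be restricted (this may be intentional; the page does not say), apply the same `stristr($worldaccess[...], $uid)` test after the `faces`/`_markers_` prefix check, as sketched below. The world name is derived from the `marker_<world>.json` naming that the SQLite marker script on this page also relies on. Independently, the result of `fopen` is not checked and the content type is chosen by substring (`strstr($path, ".png")`) rather than by file extension.

```php
// … unchanged: "faces" / "_markers_" prefix check …
$uid = '[' . strtolower($userid) . ']';
if (($parts[0] == "_markers_") && (count($parts) == 2)
        && preg_match('/^marker_(.+)\.json$/', $parts[1], $mm)
        && isset($worldaccess[$mm[1]])
        && (stristr($worldaccess[$mm[1]], $uid) === false)) {
    header('HTTP/1.0 403 Forbidden');
    exit();
}
// … unchanged: is_readable() fallback and fpassthru() …
```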


@@ -0,0 +1,80 @@
<?php
ob_start();
require('dynmap_login.php');
ob_end_clean();
session_start();
if(isset($_POST['j_password'])) {
$password = $_POST['j_password'];
}
else {
$password = '';
}
if(isset($_POST['j_verify_password'])) {
$verify = $_POST['j_verify_password'];
}
else {
$verify = '';
}
if(strcmp($password, $verify)) {
echo "{ \"result\": \"verifyfailed\" }";
return;
}
if(isset($_POST['j_username'])) {
$userid = $_POST['j_username'];
}
else {
$userid = '-guest-';
}
if(isset($_POST['j_passcode'])) {
$passcode = $_POST['j_passcode'];
}
else {
$passcode = '';
}
$good = false;
$useridlc = strtolower($userid);
$_SESSION['userid'] = '-guest-';
$good = false;
if(strcmp($useridlc, '-guest-')) {
if(isset($pendingreg[$useridlc])) {
if(!strcmp($passcode, $pendingreg[$useridlc])) {
$ctx = hash_init('sha256');
hash_update($ctx, $pwdsalt);
hash_update($ctx, $password);
$hash = hash_final($ctx);
$_SESSION['userid'] = $userid;
$good = true;
$newlines[] = '<?php /*';
$lines = file('dynmap_reg.php');
if(!empty($lines)) {
$cnt = count($lines) - 1;
for($i=1; $i < $cnt; $i++) {
list($uid, $pc, $hsh) = explode('=', rtrim($lines[$i]));
if($uid == $useridlc) continue;
if(array_key_exists($uid, $pendingreg)) {
$newlines[] = $uid . '=' . $pc . '=' . $hsh;
}
}
}
$newlines[] = $useridlc . '=' . $passcode . '=' . $hash;
$newlines[] = '*/ ?>';
file_put_contents('dynmap_reg.php', implode("\n", $newlines));
}
}
}
if($good) {
echo "{ \"result\": \"success\" }";
}
else {
echo "{ \"result\": \"registerfailed\" }";
}
?>
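Review bot: The request values are compared with `strcmp` (`strcmp($password, $verify)` and `!strcmp($passcode, $pendingreg[$useridlc])`) without first confirming that they are strings; on PHP releases before 8, `strcmp` returns NULL with a warning for a non-string argument and `!NULL` evaluates to true, so the passcode test must not depend on it. Require strings and compare in constant time: `if (is_string($passcode) && hash_equals((string)$pendingreg[$useridlc], $passcode)) {`, with the same `is_string` guard on `j_username`, `j_password` and `j_verify_password`. `file_put_contents('dynmap_reg.php', ...)` rewrites the whole file without `LOCK_EX`, so two registrations at the same moment can drop one entry. `session_regenerate_id(true);` before `$_SESSION['userid'] = $userid;` is appropriate here as well.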


@@ -0,0 +1,63 @@
<?php
session_start();
if(is_readable('dynmap_config.json')) {
$config = json_decode(file_get_contents('dynmap_config.json'), true);
$msginterval = $config['webchat-interval'];
}
else if(is_readable('dynmap_config.php')) {
$lines = file('dynmap_config.php');
array_shift($lines);
array_pop($lines);
$config = json_decode(implode(' ',$lines), true);
$msginterval = $config['webchat-interval'];
}
else {
$msginterval = 2000;
}
if(isset($_SESSION['lastchat']))
$lastchat = $_SESSION['lastchat'];
else
$lastchat = 0;
if($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat < time())
{
$micro = microtime(true);
$timestamp = round($micro*1000.0);
$data = json_decode(trim(file_get_contents('php://input')));
$data->timestamp = $timestamp;
$data->ip = $_SERVER['REMOTE_ADDR'];
if(isset($_SESSION['userid'])) {
$uid = $_SESSION['userid'];
if(strcmp($uid, '-guest-')) {
$data->userid = $uid;
}
}
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$data->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
if(is_readable('dynmap_webchat.json')) {
$old_messages = json_decode(file_get_contents('dynmap_webchat.json'), true);
}
if(!empty($old_messages))
{
foreach($old_messages as $message)
{
if(($timestamp - $config['updaterate'] - 10000) < $message['timestamp'])
$new_messages[] = $message;
}
}
$new_messages[] = $data;
file_put_contents('dynmap_webchat.json', json_encode($new_messages));
$_SESSION['lastchat'] = time()+$msginterval;
echo "{ \"error\" : \"none\" }";
}
elseif($_SERVER['REQUEST_METHOD'] == 'POST' && $lastchat > time())
{
header('HTTP/1.1 403 Forbidden');
}
else {
echo "{ \"error\" : \"none\" }";
}
?>
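Review bot: The decoded request body is stored as received apart from `timestamp`, `ip` and (for logged-in sessions only) `userid`, so a guest request that already carries a `userid` property keeps it, and `$data->ip` is overwritten from `X-Forwarded-For`, a header the client controls unless a trusted proxy sets it. Add `unset($data->userid);` before the session check and honour `X-Forwarded-For` only when `REMOTE_ADDR` is a proxy you operate. `json_decode` returns null for a body that is not valid JSON, so `if (!is_object($data)) { header('HTTP/1.1 400 Bad Request'); exit; }` is needed before `$data->timestamp = $timestamp;`. `$config` is undefined when neither config file is readable although `$config['updaterate']` is read in the pruning loop, and `file_put_contents('dynmap_webchat.json', ...)` runs without `LOCK_EX`.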


@@ -0,0 +1,85 @@
<?php
ob_start();
include('dynmap_access.php');
ob_end_clean();
if(!isset($tilespath)) {
$tilespath = "../tiles/";
}
//Use this to force specific tiles path, versus using passed value
//$tilespath = 'my-tiles-path';
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";
echo "Bad marker: " . $path;
exit();
}
$fname = $tilespath . $path;
$parts = explode("/", $path);
$uid = '[' . strtolower($userid) . ']';
$world = $parts[0];
if(isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid);
if($ss === false) {
$fname = "../images/blank.png";
}
}
if(count($parts) > 2) {
$prefix = $parts[1];
$plen = strlen($prefix);
if(($plen > 4) && (substr($prefix, $plen - 4) === "_day")) {
$prefix = substr($prefix, 0, $plen - 4);
}
$mapid = $world . "." . $prefix;
if(isset($mapaccess[$mapid])) {
$ss = stristr($mapaccess[$mapid], $uid);
if($ss === false) {
$fname = "../images/blank.png";
}
}
}
if (!is_readable($fname)) {
if(strstr($path, ".jpg") || strstr($path, ".png")) {
$fname = "../images/blank.png";
}
else {
echo "{ \"result\": \"bad-tile\" }";
exit;
}
}
$fp = fopen($fname, 'rb');
if (strstr($path, ".png"))
header("Content-Type: image/png");
else if (strstr($path, ".jpg"))
header("Content-Type: image/jpeg");
else
header("Content-Type: application/text");
header("Content-Length: " . filesize($fname));
fpassthru($fp);
exit;
?>
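Review bot: The access lookup takes `$world` from `$parts[0]` of the raw request string while `$fname` is built from that same string without normalisation, so the segment tested against `$worldaccess` and the directory the filesystem resolves can disagree when the path holds empty or `.` segments (or backslashes on Windows hosts). Reject such paths before the lookup, e.g. `if (in_array('', $parts, true) || in_array('.', $parts, true) || strpos($path, '\\') !== false) { header('HTTP/1.0 400 Bad Request'); exit; }`. The map check is skipped entirely when `count($parts) <= 2`; requiring a fixed segment count, as the SQLite tile script on this page does with `count($parts) != 4`, would make the two scripts consistent. The return value of `fopen` is not checked before `fpassthru`.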


@@ -0,0 +1,102 @@
<?php
ob_start();
include('dynmap_access.php');
ob_end_clean();
$world = $_REQUEST['world'];
session_start();
if(isset($_SESSION['userid'])) {
$userid = $_SESSION['userid'];
}
else {
$userid = '-guest-';
}
$loggedin = false;
if(strcmp($userid, '-guest-')) {
$loggedin = true;
}
header('Content-type: text/plain; charset=utf-8');
if(strpos($world, '/') || strpos($world, '\\')) {
echo "{ \"error\": \"invalid-world\" }";
return;
}
if(isset($webpath))
$fname = $webpath . '/standalone/updates_' . $world . '.php';
else
$fname = 'updates_' . $world . '.php';
if(!is_readable($fname)) {
header('HTTP/1.0 404 Not Found');
return;
}
$useridlc = strtolower($userid);
$uid = '[' . $useridlc . ']';
if(isset($worldaccess[$world])) {
$ss = stristr($worldaccess[$world], $uid);
if($ss === false) {
echo "{ \"error\": \"access-denied\" }";
return;
}
}
$lines = file($fname);
if(!$lines) {
header('HTTP/1.0 404 Not Found');
return;
}
array_shift($lines);
array_pop($lines);
$json = json_decode(implode(' ',$lines));
if(isset($json->loginrequired) && $json->loginrequired && !$loggedin) {
echo "{ \"error\": \"login-required\" }";
}
else {
$json->loggedin = $loggedin;
if (isset($json->protected) && $json->protected) {
$ss = stristr($seeallmarkers, $uid);
if($ss === false) {
if(isset($playervisible[$useridlc])) {
$plist = $playervisible[$useridlc];
$pcnt = count($json->players);
for($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if(!stristr($plist, '[' . $p->account . ']')) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
}
else {
$pcnt = count($json->players);
for($i = 0; $i < $pcnt; $i++) {
$p = $json->players[$i];
if(strcasecmp($userid, $p->account) != 0) {
$p->world = "-some-other-bogus-world-";
$p->x = 0.0;
$p->y = 64.0;
$p->z = 0.0;
}
}
}
}
}
echo json_encode($json);
}
?>
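Review bot: `strpos($world, '/') || strpos($world, '\\')` treats a match at offset 0 as "not found", because `strpos` returns 0 there and 0 is falsy, and `..` is not rejected at all before `$world` is spliced into `$fname`. Compare against `false` and validate the type: `if (!is_string($world) || strpbrk($world, '/\\') !== false || strstr($world, '..') !== false) {`. `$_REQUEST['world']` is also read before any `isset` test, and `$json` is dereferenced (`$json->loggedin = $loggedin;`) without checking that `json_decode` returned an object. `$seeallmarkers` is passed to `stristr` without an `isset` guard.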