[stkaddons] Commit all changes to addons website to-date
* Change password storage from MD5 to SHA256
* Add news message support
* Begin overhaul of user and addon display code
* Add addon attributes
* Add extensive validation to uploaded addon files
stephenjust committed Mar 30, 2011
1 parent b3d342c commit c3bf3e0
Showing 64 changed files with 4,694 additions and 2,541 deletions.
2 changes: 1 addition & 1 deletion CREDITS
@@ -2,7 +2,7 @@
xapantu
sj04736

== Translation s==
== Translations ==
asciimonster
norcal

12 changes: 7 additions & 5 deletions about.php
@@ -27,19 +27,21 @@
***************************************************************************/

define('ROOT','./');
$security ="";
include("include/security.php");
include("include/top.php");
include("config.php");
include('include.php');
include('include/top.php');
?>
</head>
<body>
<?php
include("menu.php");
include('include/menu.php');
?>
<div id="content">
<?php
include ("CREDITS");
$credits = file_get_contents("CREDITS");
$credits = str_replace("\n",'<br />',$credits);
echo '<tt>'.$credits.'</tt>';
?>
</div>
<?php
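Review bot: The CREDITS text is written into the page without HTML-escaping at `echo '<tt>'.$credits.'</tt>';`, so any `<`, `>` or `&` in that file (an e-mail address in angle brackets, for example) is interpreted as markup rather than shown as text. Escape it on output and let `nl2br()` replace the manual `str_replace`: `echo '<tt>'.nl2br(htmlspecialchars($credits, ENT_QUOTES, 'UTF-8')).'</tt>';`. The file is also opened by a path relative to the working directory; `file_get_contents(ROOT.'CREDITS')` would pin it to the `ROOT` constant defined at the top of this file. The page has lost its +/- markers, so which of the adjacent include lines are the new side is inferred from the quoting style.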
122 changes: 51 additions & 71 deletions account.php
@@ -1,20 +1,22 @@
<?php
/* copyright 2009 Lucas Baudin <[email protected]>
This file is part of stkaddons.
stkaddons is free software: you can redistribute it and/or
modify it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
stkaddons is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.
You should have received a copy of the GNU General Public License along with
stkaddons. If not, see <http://www.gnu.org/licenses/>. */
/**
* copyright 2009 Lucas Baudin <[email protected]>
*
* This file is part of stkaddons
*
* stkaddons is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* stkaddons is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with stkaddons. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<?php
/***************************************************************************
@@ -26,62 +28,40 @@
Description: people
***************************************************************************/
$security = "basicPage";
include("include/security.php");
$security = 'basicPage';
define('ROOT','./');
include('include.php');

$title = "SuperTuxKart Add-ons | Users";
include("include/top.php");
$_GET['title'] = (isset($_GET['title'])) ? $_GET['title'] : NULL;

$title = _('SuperTuxKart Add-ons').' | '._('Users');
include('include/top.php');
?>
</head>
<body>
<?php
include("menu.php");
?>
<div id="select-addons">
<div id="select-addons_top">
</div>
<div id="select-addons_center">
<?php
$js = "";
loadUsers();
?>
</div>
<div id="select-addons_bottom">
</div></div>
<div id="disAddon_content">
<div id="disAddon"></div></div>
<?php
echo '<script type="text/javascript">';
echo $js;
echo '</script>';
include("include/footer.php"); ?>
</body>
</html>
</head>
<body>
<?php
include(ROOT.'include/menu.php');
?>
<div id="select-addons">
<div id="select-addons_top">
</div>
<div id="select-addons_center">
<?php
function loadUsers()
{
global $style, $js;
$addonLoader = new coreUser('users');
$addonLoader->loadAll();
echo '<ul id="list-addons">';
?>
<li>
<a class="menu-addons" href="javascript:loadAddon(<?php echo $_SESSION['id']; ?>,'user.php')">
<img class="icon" src="image/<?php echo $style; ?>/user.png" />
Me
</a>
</li>
<?php
while($addonLoader->next())
{
echo '<li><a class="menu-addons';
if($addonLoader->addonCurrent['available'] == 0) echo ' unavailable';
echo '" href="javascript:loadAddon('.$addonLoader->addonCurrent['id'].',\'user.php\')">';
echo '<img class="icon" src="image/'.$style.'/user.png" />';
echo $addonLoader->addonCurrent['login']."</a></li>";
if($addonLoader->addonCurrent['login'] == $_GET['title']) $js.= 'loadAddon('.$addonLoader->addonCurrent['id'].',\'user.php\')';
}
echo "</ul>";

}
$js = "";
loadUsers();
?>
</div>
<div id="select-addons_bottom">
</div></div>
<div id="content-addon">
<div id="content-addon_top"></div>
<div id="content-addon_body"></div>
<div id="content-addon_bottom"></div>
</div>
<?php
echo '<script type="text/javascript">';
echo $js;
echo '</script>';
include("include/footer.php"); ?>
</body>
</html>
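Review bot: `$_GET['title']` is only defaulted to NULL near the top of this file and is never validated, whereas addon-view.php in the same commit passes the same parameter through `addon_id_clean()`. The `loadUsers()` body shown in this section reads `$_SESSION['id']`, the key this commit replaces with `$_SESSION['userid']` in addon-view.php, so it is presumably the removed side and the function now being called is defined outside this page. That body writes each `login` into the list markup and builds `$js`, which is echoed inside a `<script>` element, with no escaping. If the relocated function still does so, wrap the name as `htmlspecialchars($addonLoader->addonCurrent['login'], ENT_QUOTES, 'UTF-8')` and cast the id with `(int)` before it reaches the `javascript:` href and `$js`.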
123 changes: 80 additions & 43 deletions addon-view.php
@@ -27,65 +27,102 @@
***************************************************************************/
$security ="";
define('ROOT','./');
$title = "Supertuxkart Addon Manager";
include("include/security.php");
include("include.php");
include("include/view.php");
include("include/top.php");
include_once("include/var.php");

// Validate addon-id parameter
$_GET['title'] = (isset($_GET['title'])) ? addon_id_clean($_GET['title']) : NULL;
$_GET['save'] = (isset($_GET['save'])) ? $_GET['save'] : NULL;
$_GET['rev'] = (isset($_GET['rev'])) ? (int)$_GET['rev'] : NULL;

?>
</head>
<body>
<?php
include("include/menu.php");
?>
<div id="select-addons">
<div id="select-addons_top">
</div>
<div id="select-addons_center">
<?php
$js = "";

loadAddons();
?>
</head>
<body>
<?php
include("menu.php");
?>
<div id="select-addons">
<div id="select-addons_top">
</div>
<div id="select-addons_center">
<?php
$js = "";
loadAddons();
?>
</div>
<div id="select-addons_bottom">
</div></div>
<div id="disAddon_content">
<div id="disAddon"></div></div>
<script type="text/javascript">
<?=$js?>
</script>
<?php include("include/footer.php"); ?>
</body>
</html>
</div>
<div id="select-addons_bottom">
</div></div>
<div id="content-addon">
<div id="content-addon_top"></div>
<div id="content-addon_status">
<?php
// Execute actions
switch ($_GET['save'])
{
default: break;
case 'desc':
if (!isset($_POST['description']))
break;
if (set_description($_GET['addons'], $_GET['title'], $_GET['rev'], $_POST['description']))
echo _('Saved description.').'<br />';
break;
case 'rev':
parseUpload($_FILES['file_addon'],true);
break;
case 'status':
if (!isset($_GET['addons']) || !isset($_GET['title']) || !isset($_POST['fields']))
break;
if (update_status($_GET['addons'],$_GET['title'],$_POST['fields']))
echo _('Saved status.').'<br />';
break;
}
?>
</div>
<div id="content-addon_body"></div>
<div id="content-addon_bottom"></div>
</div>
</div>
<script type="text/javascript">
<?php echo $js; ?>
</script>
<?php
include("include/footer.php");
function loadAddons()
{
global $addon, $dirDownload, $dirUpload, $js, $USER_LOGGED;
if(get('addons') == "karts" or get('addons') == "tracks" or $get('addons') == "file" or get('addons') == "blender")
global $addon, $dirDownload, $dirUpload, $js, $user;
if($_GET['addons'] == "karts" ||
$_GET['addons'] == "tracks" ||
$_GET['addons'] == "file" ||
$_GET['addons'] == "blender")
{
$addonLoader = new coreAddon($_GET['addons']);
$addonLoader->loadAll();
echo '<ul id="list-addons">';
while($addonLoader->next())
{
if($addonLoader->addonCurrent['available'] == 1)
{
echo '<li><a class="menu-addons" href="javascript:loadAddon('.$addonLoader->addonCurrent['id'].',\'addon.php?type='.$_GET['addons'].'\')">';
if($_GET['addons'] != "tracks") echo '<img class="icon" src="image.php?type=small&amp;pic='.$dirUpload.'icon/'.$addonLoader->addonCurrent['icon'].'" />';
else echo '<img class="icon" src="'.$dirDownload.'/icon/icon.png" />';
echo $addonLoader->addonCurrent['name']."</a></li>";
}
elseif($USER_LOGGED && ($_SESSION['range']['manageaddons'] == true || $_SESSION['id'] == $addonLoader->addonCurrent['user']))
{
echo '<li><a class="menu-addons unavailable" href="javascript:loadAddon('.$addonLoader->addonCurrent['id'].',\'addon.php?type='.$_GET['addons'].'\')">';
if($_GET['addons'] != "tracks") echo '<img class="icon" src="image.php?type=small&amp;pic='.$dirUpload.'icon/'.$addonLoader->addonCurrent['icon'].'" />';
else echo '<img class="icon" src="'.$dirDownload.'/icon/icon.png" />';
echo $addonLoader->addonCurrent['name']."</a></li>";
// Approved?
if(($addonLoader->addonCurrent['status'] & F_APPROVED) == F_APPROVED)
{
echo '<li><a class="menu-addons" href="javascript:loadAddon(\''.$addonLoader->addonCurrent['id'].'\',\'addon.php?type='.$_GET['addons'].'\')">';
if($_GET['addons'] != "tracks") echo '<img class="icon" src="image.php?type=small&amp;pic='.$addonLoader->addonCurrent['image'].'" />';
else echo '<img class="icon" src="image/track-icon.png" />';
echo $addonLoader->addonCurrent['name']."</a></li>";
}
elseif($user->logged_in && ($_SESSION['role']['manageaddons'] == true || $_SESSION['userid'] == $addonLoader->addonCurrent['uploader']))
{
echo '<li><a class="menu-addons unavailable" href="javascript:loadAddon(\''.$addonLoader->addonCurrent['id'].'\',\'addon.php?type='.$_GET['addons'].'\')">';
if($_GET['addons'] != "tracks")
echo '<img class="icon" src="image.php?type=small&amp;pic='.$addonLoader->addonCurrent['image'].'" />';
else echo '<img class="icon" src="image/track-icon.png" />';
echo $addonLoader->addonCurrent['name']."</a></li>";
}
if($addonLoader->addonCurrent['name'] == get('title')) $js.= 'loadAddon('.$addonLoader->addonCurrent['id'].',\'addon.php?type='.$_GET['addons'].'\')';
if($addonLoader->addonCurrent['id'] == $_GET['title']) $js.= 'loadAddon(\''.$addonLoader->addonCurrent['id'].'\',\'addon.php?type='.$_GET['addons'].'\')';
}
echo "</ul>";
}

}
?>
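Review bot: The `save` switch performs writes (`set_description()`, `parseUpload()`, `update_status()`) chosen by a query-string parameter, and nothing visible in this section checks the caller's permission or a request token before calling them. Those functions are defined outside this page, so confirm they enforce both; otherwise a cross-site form post could run them on behalf of a logged-in user. The `desc` branch reads `$_GET['addons']` and the `rev` branch reads `$_FILES['file_addon']` without the `isset()` guard the `status` branch has; use `if (!isset($_GET['addons'], $_GET['title'], $_POST['description'])) break;` and `if (!isset($_FILES['file_addon'])) break;`. Separately, `loadAddons()` echoes `addonCurrent['name']` and `addonCurrent['image']` into HTML unescaped, and the `uploader` field suggests these values come from users, so they should go through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` on output.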
18 changes: 12 additions & 6 deletions addon.php
@@ -27,7 +27,8 @@
***************************************************************************/
$security ="";
include("include/security.php");
define('ROOT','./');
include('include.php');
include_once("include/var.php");

if(!isset($_COOKIE['lang']))
@@ -41,8 +42,13 @@
textdomain('translations');
bind_textdomain_codeset('translations', 'UTF-8');

$type = get('type');
$action = get('action');
$type = (isset($_GET['type']))? $_GET['type'] : NULL;
if ($type != 'tracks' && $type != 'karts' && $type != 'users')
die(_('This page cannot be loaded because an invalid add-on type was provided.'));
if (!isset($_GET['action'])) $_GET['action'] = NULL;
$action = $_GET['action'];
if ($action != NULL && $action != 'file' && $action != 'remove' && $action != 'approve')
die(_('This page cannot be loaded because an invalid action was provided.'));

if($action == "file")
{
@@ -57,9 +63,9 @@

$addon = new coreAddon($type);
$addon->selectById($id);
if($action == "available")
if($action == "approve")
{
$addon->setAvailable();
$addon->approve();
$addon->selectById($id);
}
elseif($action != "" && $action != "file")
@@ -85,5 +91,5 @@
}
else
{
$addon->viewInformations();
$addon->viewInformation();
}?>
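Review bot: `approve` and `remove` change add-on state but are selected by `$_GET['action']`, so a plain GET request made by a logged-in moderator's browser is enough to trigger them, and no permission check or request token is visible in these hunks. `approve()` and the code that handles `remove` lie outside the hunks, and the `include("include/security.php")` line appears to be the one dropped in favour of include.php, so it is worth confirming where the role check now happens. These two actions would be safer behind POST plus a per-session token compared with `hash_equals()`, with the role check stated next to the call. The two allowlist tests use loose `!=`; `if (!in_array($type, array('tracks', 'karts', 'users'), true))` expresses the same rule with strict comparison and rejects non-string input outright.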