Finished the login and sterilisation

Jesse James Isler 2022-04-05 13:51:36 +02:00
parent b0d00d2b38
commit 765d3d17da
4 changed files with 100 additions and 34 deletions


@ -2,10 +2,11 @@
<html> <html>
<?php <?php
public function removeBrackets($input) function sanitizeMyThings($input)
{ {
$output = str_replace('"', "'", $input) $output = trim($input);
return $output $output = filter_var($input, FILTER_SANITIZE_STRING);
return $output;
} }
if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
@ -22,12 +23,12 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
# #
# This is the color defined by https://materializecss.com/color.html # This is the color defined by https://materializecss.com/color.html
$f_color = removeBrackets($_POST['rolecolor']." ".$_POST['rolestrength']."-".$_POST['rolemod']); $f_color = sanitizeMyThings($_POST['rolecolor']." ".$_POST['rolemod']."-".$_POST['rolestrength']);
fwrite($rolefile, '$color = "'.$f_color.'"'.PHP_EOL); fwrite($rolefile, '$color = "'.$f_color.'";'.PHP_EOL);
# Text Color # Text Color
$f_tcolor = removeBrackets($_POST['tcolor']); $f_tcolor = sanitizeMyThings($_POST['tcolor']);
fwrite($rolefile, '$tcolor = '.$f_tcolor.PHP_EOL); fwrite($rolefile, '$tcolor = "'.$f_tcolor.'-text";'.PHP_EOL);
# #
@ -35,12 +36,12 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
# #
#The Name of the Role #The Name of the Role
$f_name = removeBrackets($_POST['rolename']); $f_name = sanitizeMyThings($_POST['rolename']);
fwrite($rolefile, '$name = "'.$f_name.PHP_EOL); fwrite($rolefile, '$name = "'.$f_name.'";'.PHP_EOL);
#The Description of the Role, HTML conform :) #The Description of the Role, HTML conform :)
$f_description = removeBrackets($_POST['roledesc']); $f_description = sanitizeMyThings($_POST['roledesc']);
fwrite($rolefile,'$description = "'. $f_description.PHP_EOL); fwrite($rolefile,'$description = "'. $f_description.'";'.PHP_EOL);
@ -50,24 +51,24 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
# #
#How To play #How To play
$f_howtoplay = removeBrackets($_POST['howtoplay']); $f_howtoplay = sanitizeMyThings($_POST['howtoplay']);
fwrite($rolefile, '$howtoplay = "'.$f_howtoplay.PHP_EOL); fwrite($rolefile, '$howtoplay = "'.sanitizeMyThings($f_howtoplay).'";'.PHP_EOL);
#With what roles does this role play best? #With what roles does this role play best?
fwrite($rolefile, '$playsbestwith = "<ul>'.PHP_EOL); fwrite($rolefile, '$playsbestwith = "<ul>;'.PHP_EOL);
foreach($_POST['goodRoles'] as removeBrackets($selectedOption)) { foreach($_POST['goodRoles'] as $selectedOption) {
fwrite($rolefile, '<li>'.$selectedOption.'</li>'.PHP_EOL); fwrite($rolefile, '<li>'.sanitizeMyThings($selectedOption).'</li>'.PHP_EOL);
}; };
fwrite($rolefile, '</ul>;"'.PHP_EOL); fwrite($rolefile, '</ul>";'.PHP_EOL);
#Convars #Convars
$f_convars = '$convars = "Normal Role Convars (also found in ULX): $f_convars = '$convars = "Normal Role Convars (also found in ULX):
<code>'.removeBrackets($_POST['gconvars'].'</code> <code>'.sanitizeMyThings($_POST['gconvars']).'</code>
Rolespecific Convars: Rolespecific Convars:
<code>'.removeBrackets($_POST['cconvars']).'</code>"'; <code>'.sanitizeMyThings($_POST['cconvars']).'</code>";';
fwrite($rolefile, $f_convars.PHP_EOL); fwrite($rolefile, $f_convars.PHP_EOL);
@ -77,21 +78,21 @@ if (preg_match('/^[\/\w\-. ]+$/', $_POST['rolename'].'.php')){
# #
#The Steam URL to your addon #The Steam URL to your addon
$f_steam = removeBrackets($_POST['steam']); $f_steam = sanitizeMyThings($_POST['steam']);
fwrite($rolefile, '$steam = "'.$f_steam.'"'.PHP_EOL); fwrite($rolefile, '$steam = "'.$f_steam.'";'.PHP_EOL);
#The Source URL to your addon #The Source URL to your addon
$f_source = removeBrackets($_POST['source']); $f_source = sanitizeMyThings($_POST['source']);
fwrite($rolefile, '$source = "'.$f_source.'"'.PHP_EOL); fwrite($rolefile, '$source = "'.$f_source.'";'.PHP_EOL);
#Creator of the Addon #Creator of the Addon
$f_author = removeBrackets($_POST['creator']); $f_author = sanitizeMyThings($_POST['creator']);
fwrite($rolefile, '$author = "'.$f_author.'"'.PHP_EOL); fwrite($rolefile, '$author = "'.$f_author.'";'.PHP_EOL);
#Creatorlink #Creatorlink
$f_authorurl = removeBrackets($_POST['creatorurl']); $f_authorurl = sanitizeMyThings($_POST['creatorurl']);
fwrite($rolefile, '$authorurl = "'.$f_authorurl.'"'.PHP_EOL); fwrite($rolefile, '$authorurl = "'.$f_authorurl.'";'.PHP_EOL);
# Credittext (can use the above variables) # Credittext (can use the above variables)
$f_ctext = removeBrackets($_POST['credits']); $f_ctext = sanitizeMyThings($_POST['credits']);
fwrite($rolefile, '$ctext = "'.$f_ctext.'"'.PHP_EOL); fwrite($rolefile, '$ctext = "'.$f_ctext.'";'.PHP_EOL);
fwrite($rolefile, '?>'); fwrite($rolefile, '?>');
fclose($rolefile); fclose($rolefile);
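Review bot: `sanitizeMyThings()` does not make a value safe for where it is written, because every `fwrite()` in this file places the result inside a double-quoted literal in a generated .php file, and `FILTER_SANITIZE_STRING` (deprecated since PHP 8.1) strips tags and encodes quotes but leaves `$`, `\` and `{}` untouched, all of which PHP still interprets inside such a literal when the role file is loaded. Emit each value with `var_export()` instead, e.g. `fwrite($rolefile, '$name = '.var_export($f_name, true).';'.PHP_EOL);`, or store the role as JSON and stop building PHP source from request data. Inside the helper the `trim($input)` result is discarded because the next line filters `$input` again; it should read `$output = filter_var($output, ...)`. The unchanged `preg_match` guard on `$_POST['rolename']` also accepts `/` and `.`, so the file name is not confined to one directory; `basename()` plus a stricter pattern such as `/^[\w\- ]+$/` would close that, though the `fopen()` call itself lies outside the visible hunks.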


@ -1,3 +1,6 @@
<?php
if( empty( $runningFileName ) ) die("Cannot access this page directly");
?>
<!doctype html> <!doctype html>
<html lang="en"> <html lang="en">
<head> <head>
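Review bot: The new `$runningFileName` check at the top of this page only stops the form from being rendered directly; it does nothing for the script that receives the form's POST and writes the role file, and no equivalent check is visible in that script's hunks (its first line is not shown, so this needs confirming). If the handler is reachable on its own, the login page is not actually in the path of a write. Put a gate at the top of the handler too, preferably a session check such as `if (empty($_SESSION['role_admin'])) { http_response_code(403); exit; }` (the key name is illustrative) rather than a variable that only exists during an `include`. As written, `die()` also answers with status 200; sending 403 first makes refused requests visible as such in the access log.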


@ -46,6 +46,7 @@
</div> </div>
</li> </li>
<li><a href="https://discord.gg/Npcbb4W">Official TTT2 Discord</a></li> <li><a href="https://discord.gg/Npcbb4W">Official TTT2 Discord</a></li>
<li><a href="login.php">Create your own! <b>[BETA]</b></a></li>
<li><div class="divider"></div></li> <li><div class="divider"></div></li>
<li><a class="subheader">Roles</a></li> <li><a class="subheader">Roles</a></li>


@ -6,19 +6,80 @@ $pass = @$_POST['pass'];
if($user == "admin" if($user == "admin"
&& $pass == "soup") && $pass == "soup")
{ {
$runningFileName = "login.php";
include("create.php"); include("create.php");
} }
else else
{ {
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>TTT2 Role Adder</title>
<meta name="description" content="Add a new TTT2 Role">
<meta name="author" content="James">
<meta property="og:title" content="TTT2 Role Adder">
<meta property="og:type" content="website">
<meta property="og:url" content="https://ttt.james-things.com">
<meta property="og:description" content="All TTT2 Roles documented halfheartedly">
<meta property="og:image" content="https://e7.pngegg.com/pngimages/710/403/png-clipart-the-embodiment-of-scarlet-devil-team-shanghai-alice-video-game-banjo-tooie-mario-luigi-partners-in-time-marisa-logo-computer-wallpaper.png">
<link rel="icon" href="/favicon.ico">
<link rel="icon" href="/favicon.svg" type="image/svg+xml">
<link rel="apple-touch-icon" href="/apple-touch-icon.png">
<!--MATERIALIZE-->
<!--Import jQuery-->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<!--Import Google Icon Font-->
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
<!--Import materialize.css-->
<link type="text/css" rel="stylesheet" href="css/materialize.min.css" media="screen,projection" />
<!--My Custom Stylesheet-->
<link rel="stylesheet" href="css/styles.css">
</head>
<body>
<div class="container center_all_things">
<div class="row">
<div class="col s12 blurry">
<div class="card-panel card white">
<?php
if(isset($_POST)) if(isset($_POST))
{ {
echo ' ?>
<div class="row">
<form method="POST" action="login.php"> <form method="POST" action="login.php">
User <input type="text" name="user"></input><br/>
Pass <input type="password" name="pass"></input><br/> <div class="input-field col s6">
<input type="submit" name="submit" value="Go"></input> <input type="text" name="user"></input><br/>
<label for="user">Name</label>
</div>
<div class="input-field col s6">
<input type="password" name="pass"></input><br/>
<label for="pass">Password</label>
</div>
<button class="btn waves-effect waves-light col s12" type="submit" value="Login" name="submit">Submit <i class="material-icons right">send</i>
</button>
</form> </form>
'; </div>
</div>
</div>
</div>
</div>
<script>
$(document).ready(function() {
$('select').formSelect();
$('.collapsible').collapsible();
M.updateTextFields();
});
</script>
<script type="text/javascript" src="js/materialize.min.js"></script>
</body>
</html>
<?php
} }
} }
?> ?>
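Review bot: The check that gates `include("create.php")` still compares the POSTed values with `==` against a user name and password written literally in this file, and the new code adds no session, so the "login" holds for a single response and the secret now lives in the repository history (`$user` and `$pass` are assigned above the hunk). Keep a `password_hash()` value outside the repository, verify with `password_verify($pass, $storedHash)`, then `session_start()` and set a flag that the included page and the POST handler both test; the current password should be changed since it has been committed. `if(isset($_POST))` is always true, so that wrapper can go, and `<label for="user">` / `<label for="pass">` need matching `id` attributes on the inputs to bind. The jQuery `<script>` from ajax.googleapis.com is loaded without `integrity` and `crossorigin` attributes; add Subresource Integrity or serve it locally as is done for materialize.min.js.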