// // Redistribution and use in source and binary forms, with or without modification, // are permitted provided that the following conditions are met: // // + Redistributions of source code must retain the above copyright notice, this // list of conditions and the following disclaimer. // + Redistributions in binary form must reproduce the above copyright notice, // this list of conditions and the following disclaimer in the documentation // and/or other materials provided with the distribution. // + The name of the author may not be used to endorse or promote products derived // from this software without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED // WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY // AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR // BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND // ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING // NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, // EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. require_once("database.inc"); require_once("xml-search.inc"); require_once("level-cache.inc"); require_once("mail-settings.inc"); require_once("htpasswd.inc"); require_once("login-system.inc"); // ================================================================== // Returns the get-parameters (like cathegory, level and others) // ================================================================== function get_params() { $params = ""; if (isset( $_GET["c"] )) $params .= 'c='.urlencode($_GET["c"]).'&'; if (isset( $_GET["l"] )) $params .= 'l='.urlencode($_GET["l"]).'&'; if (isset( $_GET["o"] )) $params .= 'o='.urlencode($_GET["o"]).'&'; if (isset( $_GET["showthumbs"] )) $params .= 'showthumbs='.urlencode($_GET["showthumbs"]).'&'; return $params; } // ================================================================== // User/Admin login or signup new user // ================================================================== $htpasswd = load_htpasswd(); $is_admin = False; $is_user = False; $user_data = Array(); if ( isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['PHP_AUTH_USER'])) if ($_SERVER['PHP_AUTH_USER'] == "admin") $is_admin = test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] ); else { $is_user = test_htpasswd( $htpasswd, strtolower($_SERVER['PHP_AUTH_USER']), $_SERVER['PHP_AUTH_PW'] ); $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] ); } if ( isset($_GET["adminlogin"])) { if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="Pingus Comment Tool Admin"'); header('HTTP/1.0 401 Unauthorized'); echo 'Cancelled. Hit Back.'; exit; } else { if ( !test_htpasswd( $htpasswd, "admin", $_SERVER['PHP_AUTH_PW'] )) { header('WWW-Authenticate: Basic realm="Pingus Comment Tool Admin"'); header('HTTP/1.0 401 Unauthorized'); echo 'Cancelled. Hit Back.'; exit; } else $is_admin = True; } } if ( isset($_GET["userlogin"])) { if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="Pingus Comment Tool User"'); header('HTTP/1.0 401 Unauthorized'); echo 'Cancelled. Hit Back.'; exit; } else { if ( !test_htpasswd( $htpasswd, strtolower($_SERVER['PHP_AUTH_USER']), $_SERVER['PHP_AUTH_PW'] )) { header('WWW-Authenticate: Basic realm="Pingus Comment Tool User"'); header('HTTP/1.0 401 Unauthorized'); echo 'Cancelled. Hit Back.'; exit; } else { $is_user = True; $user_data = get_user_data( $_SERVER['PHP_AUTH_USER'] ); } } } // ================================================================== // Thumbnail magick with cookies etc. // ================================================================== if (isset($_GET["showthumbs"])) { $show_thumbs = $_GET["showthumbs"]; if (!isset($_COOKIE["showthumbs"]) || $_COOKIE["showthumbs"] != $show_thumbs ) setCookie( "showthumbs", $_GET["showthumbs"], time()+3600*24 ); } else if ( isset($_COOKIE["showthumbs"]) ) $show_thumbs = $_COOKIE["showthumbs"]; // ================================================================== ?> Pingus level comment database

Pingus level comment database

">Login ">Signup
"; echo ($is_admin) ? 'admin' : $user_data["name"]; ?> is logged in
Show comments" : "listusers=1'>List users"; echo ""; ?>
read()) { if ($file != "." && $file != ".." && is_dir("data/levels/".$file)) { $levels = Array(); $dir2 = dir("data/levels/".$file); while ($file2 = $dir2->read()) if (strpos($file2, ".pingus") !== FALSE) $levels[] = str_replace( ".pingus", "", $file2 ); $dir2->close(); natcasesort( $levels ); $cath = Array(); $cath["name"] = $file; $cath["levels"] = $levels; $key = array_search($cath["name"], $preferred_order); if ( $key === False ) $key = max(count($preferred_order), count($cathegories)+1); $cathegories[$key] = $cath; } } $dir->close(); ksort( $cathegories ); // ================================================================== // Level listing // ================================================================== if ( !isset($_GET["l"]) || !isset($_GET["c"]) ) { if ( !isset($_GET["c"]) ) $showCath = ''; else $showCath = '&c=' . $_GET["c"]; if ( $show_thumbs ) print "[hide thumbnails]
"; else print "[show thumbnails]
"; if ( !isset($_GET["c"])) { print "

Pick a cathegory\n

\n"; } else { print "[Back to cathegory list]
\n"; print "(Help: how to make 'play' link work)
\n"; while( list(,$c) = each( $cathegories )) { if ( $_GET["c"] == $c["name"] ) { $cnt = count($c["levels"]); print "

" . htmlentities( $c["name"] ) . " ($cnt)" . "

\n"; print "\n"; $i = $col_cnt = 0; while( list(,$l) = each( $c["levels"] )) { unset( $ldata ); $ldata = level_cache_get( $c["name"], $l, False ); $cnt = $ldata["totalcomments"]; if ( ($i++) % 2 ) $celcolor = "bgcolor='#B0B0B0'"; else $celcolor = "bgcolor='#A0A0A0'"; $jpg = htmlentities($c["name"]) . "/" . htmlentities($l) . ".jpg"; print "\n"; if ($col_cnt++ == 1 ) { print "\n"; $col_cnt = 0; $i++; // kludge to make coloring look like checkers. } } print "
\n"; if ( $show_thumbs )//additional column only when thumbs are shown { print "\n" . "
" . "". "thumbnail". "\n"; } print "". "". urlencode($l) . "\n"; if ( $cnt < 1 ) $cnt = "-"; print " ($cnt)
"; print """ . htmlentities($ldata["name"]) . ""
"; if ( strlen($ldata["difficulty"])) print "Difficulty:" . htmlentities($ldata["difficulty"]) . "
"; print "Pingus:" . intval($ldata["pingusmin"]) . "/" . intval($ldata["pingusmax"]) . "
"; if ( intval($ldata["playable"]) == 0 ) print "Not playable
"; if ( $cnt > 0 ) print "Rating:" . str_repeat( "*", intval($ldata["avgrating"])) . "
"; print " view third". " / half" . " / full
" . /*"play with Subversion" . " / 0.6 version" . "
";*/ "play level" . " (requires Pingus 0.6.1 or later)". "\n"; if ( $show_thumbs ) print "
\n"; print "
\n"; } } } } // ================================================================== // Info on certain level // ================================================================== else { $c = $_GET["c"]; $l = $_GET["l"]; $curlevelmd5 = FALSE; $levelfile = sandbox_check( "data/levels/$c/$l.pingus", "data/" ); if ( !is_file( $levelfile )) { print "

Level '" . htmlentities($c) . " / " . htmlentities($l) . "' not found.

\n"; print "

Back to level list

"; } else { print "

" . htmlentities($c) . " / " . htmlentities($l) . "

\n"; $curlevelmd5 = md5(implode("", file($levelfile))); $leveldata = level_cache_get( $c, $l, False ); if ( $leveldata["md5sum"] !== $curlevelmd5 ) $leveldata = level_cache_get( $c, $l, True ); $leveldata["totalcomments"] = 0; $leveldata["avgrating"] = 0; $leveldata["md5sum"] = $curlevelmd5; // Level description $tbl = Array( "Name" => htmlentities($leveldata["name"]), "Description" => htmlentities($leveldata["description"]), "Comment" => htmlentities($leveldata["comment"]), "Author" => str_replace("@", "PingusNoSpam@", htmlentities($leveldata["author"])), ); print( "\n" ); while( list($key,$val) = each( $tbl )) print("\n" . "\n"); // Basic info about the level $tbl = Array( "Pingus #" => $leveldata["pingusmin"] ." / " . $leveldata["pingusmax"], "Time" => $leveldata["time"], "Difficulty" => $leveldata["difficulty"], "Playable" => ($leveldata["playable"] == 1) ? "yes" : "no", ); $i = 0; while( list($key,$val) = each( $tbl )) { print(""); print (""); // Thumbnail if ( $i++ == 0) { $jpg = htmlentities($c) . "/" . htmlentities($l) . ".jpg"; print ("\n" ); } } print "
" . htmlentities($key) . "" . $val . "
" . $key . "\n" . htmlentities($val) . "\n". " thumbnail
\n". " see third /". " half / \n". " full size\n
". "play level" . " (requires Pingus 0.6.1 or later)
Actions\n"; // Number of actions reset( $leveldata ); while( list($k,$v) = each($leveldata)) { if ( substr($k,0,1)=="#" ) { $a = substr($k,1); $ac = trim($v); if ( strlen($ac) == 0 ) $ac = "?"; else $ac = htmlentities($ac); print ("$a x " . $ac . " "); } } print( "
\n" ); ?>
ERROR: Illegal level name."; exit; } if ( !is_dir("comments/$c/$l")) { @mkdir("comments/$c",0775); @mkdir("comments/$c/$l",0775); chmod("comments/$c",0775); chgrp("comments/$c","pingus"); chmod("comments/$c/$l",0775); chgrp("comments/$c/$l","pingus"); if ( !is_dir("comments/$c/$l")) { print ("ERROR: 'comments/$c/$l/' does not exist and ". "could not be created.\n"); exit; } } sandbox_check("comments/$c/$l", "comments/" ); $str = '<' . '?xml version="1.0" encoding="ISO-8859-1"?' . ">\n" . "\n". " " . xmlentities(decode_html(stripslashes($_POST["author"]))) . "\n" . " " . xmlentities(decode_html(stripslashes($_POST["email"]))) . "\n" . " " . xmlentities("$c/$l") . "\n" . " " . xmlentities(stripslashes($_POST["levelmd5"])) . "\n" . " " . xmlentities(date("Y-m-d")) . "\n" . " \n" . " " . xmlentities(stripslashes($_POST["difficulty"])) . "\n" . " " . xmlentities(stripslashes($_POST["rating"])) . "\n" . " " . xmlentities(decode_html(stripslashes($_POST["comment"]))) . "\n" . "\n"; $filename = "comments/$c/$l/" . substr(md5($str),0,8) . ".pingus"; if ( !file_exists($filename) || is_writable($filename)) { if (!$fp = fopen($filename, 'w')) { print "ERROR: Cannot open file ($filename)\n"; exit; } if (!fwrite($fp, $str)) { print "ERROR: Cannot write to file ($filename)\n"; exit; } fclose($fp); chmod($filename, 0775); chgrp($filename,"pingus"); // Send email-notification if ( $mail_notify_enabled ) { $mailto = trim($leveldata["author"]); if ( isset($mail_forwards[$mailto])) $mailto = trim($mail_forwards[$mailto]); if ( $mailto !== null && strlen($mailto) > 0 && strpos($mailto,"@") > 0 ) { $repl = Array( "@SENDER" => decode_html(stripslashes($_POST["author"])) . " <" . decode_html(stripslashes($_POST["email"])) . ">", "@CATHEGORY" => $c, "@LEVEL" => $l, "@TO" => $mailto, "@RATING" => str_repeat( "*", intval(stripslashes($_POST["rating"]))), "@DIFFICULTY" => stripslashes($_POST["difficulty"]), "@COMMENTS" => stripslashes(decode_html($_POST["comment"])) ); mail( $mailto, str_replace(array_keys($repl), array_values($repl), $mail_subject), str_replace(array_keys($repl), array_values($repl), $mail_message), "From: $mail_from\r\n" ."Reply-To: $mail_replyto\r\n" ."X-Mailer: PHP/" . phpversion()); } } } else print "ERROR: File $filename is not writable\n"; } // ================================================================== // Delete comment // ================================================================== if ( ($is_admin || $is_user) && isset($_GET["delcomment"])) { sandbox_check($_GET["delcomment"], "comments/" ); unlink($_GET["delcomment"]); // Also try to remove the directories but don't mind if it fails: @rmdir("comments/$c/$l"); @rmdir("comments/$c"); print "

Deleted '" . htmlentities($_GET["delcomment"]) . "'

"; } // ================================================================== // Delete demo file and metafile // ================================================================== if ( ($is_admin || $is_user) && isset($_GET["deldemo"])) { sandbox_check($_GET["deldemo"], "comments/" ); $demos = parse_level_demos( $c, $l ); while( list(,$cmt) = each($demos)) { if ($_GET["deldemo"] == $cmt["filename"]) { //delete demofile and metafile unlink( "comments/$c/$l/demos/".$cmt["demofile"] ); unlink( $_GET["deldemo"] ); } } // Also try to remove the directories but don't mind if it fails: @rmdir("comments/$c/$l/demos"); @rmdir("comments/$c/$l"); @rmdir("comments/$c"); print "

Deleted '" . htmlentities($_GET["deldemo"]) . "'

"; } // ================================================================== // Save uploaded Demofile // ================================================================== if ( $_POST["adddemo"] == 1) { //create directory if necessary if ( !is_dir("comments/$c/$l/demos")) { @mkdir("comments/$c", 0777); @mkdir("comments/$c/$l", 0777); @mkdir("comments/$c/$l/demos", 0777); chmod("comments/$c",0775); chgrp("comments/$c","pingus"); chmod("comments/$c/$l",0775); chgrp("comments/$c/$l","pingus"); chmod("comments/$c/$l/demos",0775); chgrp("comments/$c/$l/demos","pingus"); if ( !is_dir("comments/$c/$l/demos")) { print ("ERROR: 'comments/$c/$l/demos' does not exist and ". "could not be created.\n"); exit; } } $uploaddir = sandbox_check( "comments/$c/$l/demos", "comments/" ); if(!strpos( strtolower( $_FILES["demofile"]["name"] ), ".xml" )) print(" Please upload only .xml files
"); else { if (move_uploaded_file($_FILES['demofile']['tmp_name'], $uploaddir. '/' . $_FILES['demofile']['name'])) { chmod( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], 0775 ); chgrp( "comments/$c/$l/demos/" . $_FILES['demofile']['name'], "pingus" ); print("File uploaded successfully
"); $str = '<' . '?xml version="1.0" encoding="ISO-8859-1"?' . ">\n" . "\n". " " . xmlentities(decode_html(stripslashes($_POST["username"]))) . "\n" . " " . xmlentities(decode_html(stripslashes($_POST["email"]))) . "\n" . " " . xmlentities("$c/$l") . "\n" . " " . xmlentities(stripslashes($_POST["levelmd5"])) . "\n" . " " . xmlentities(date("Y-m-d")) . "\n" . " \n" . " " . xmlentities( $_FILES['demofile']['name'] ) . "\n" . "\n"; $filename = "comments/$c/$l/demos/" . substr(md5($str),0,8) . ".demo"; if ( !file_exists($filename) || is_writable($filename)) { if (!$fp = fopen($filename, 'w')) { print "ERROR: Cannot open file ($filename)\n"; exit; } if (!fwrite($fp, $str)) { print "ERROR: Cannot write to file ($filename)\n"; exit; } fclose($fp); chmod($filename, 0775); chgrp($filename, "pingus"); } } else { print("error:"); print_r($_FILES); print("
"); } } } // ================================================================== // List user comments and demo files // ================================================================== if (isset( $_GET["o"] )) //determine order of comments { $comments = parse_level_comments($c, $l, $_GET["o"]); if ($_GET["o"] == "ASC") $OrderLink = " (revert order)"; else $OrderLink = " (revert order)"; } else { $comments = parse_level_comments($c, $l, "ASC"); $OrderLink = " (revert order)"; } $showComments = False; $showDemos = False; if ( count($comments) > 0 ) { $showComments = True; while( list(,$cmt) = each($comments)) { $leveldata["totalcomments"]++; $rating = intval($cmt["rating"]); $leveldata["avgrating"] += $rating; if ( $is_admin || ($is_user && $user_data["email"] == $cmt["email"]) ) $del_link = " [del]\n"; $str = "

From: " . htmlentities($cmt["author"]) . " <" . str_replace("@", "PingusNoSpam@", htmlentities($cmt["email"])) . ">, Date: " . htmlentities($cmt["date"]) . ", Time: " . htmlentities($cmt["time"]) . "
\n" . "Difficulty: " . htmlentities($cmt["difficulty"]) . "\n" . ", Rating: " . str_repeat( "*", intval($rating)) . $del_link . "
\n" . "\n" . str_replace( "\n", "
\n", htmlentities($cmt["comment"])) . "

\n"; if (strtolower($cmt["levelmd5"]) == strtolower($curlevelmd5)) $new_comments_text .= $str; else $old_comments_text .= $str; } } $demos = parse_level_demos( $c, $l ); if ( count($demos) > 0 ) { $showDemos = True; $del_link=""; while( list(,$cmt) = each($demos)) { $leveldata["totaldemos"]++; if ( $is_admin || ($is_user && $user_data["email"] == $cmt["email"])) $del_link = " - [del]\n"; $str = "

From: " . htmlentities($cmt["username"]) . " <" . str_replace("@", "PingusNoSpam@", htmlentities($cmt["email"])) . ">
Date: " . htmlentities($cmt["date"]) . ", Time: " . htmlentities($cmt["time"]) . "
\n" . "Demofile: " . $cmt["demofile"] . "$del_link
\n" . "

\n"; if (strtolower($cmt["levelmd5"]) == strtolower($curlevelmd5)) $new_demos_text .= $str; else $old_demos_text .= $str; } } print("
"); if ($showComments) print ("" . "

Comments

$OrderLink
\n" . $new_comments_text . "

Comments for older version(s)

\n" . $old_comments_text); else print ("No comments for this level yet!"); print("		"); if ($showDemos) print ("

Demo Files

\n" . $new_demos_text . "

Demos for older version(s)

\n" . $old_demos_text); else print ("No Demos for this level yet!"); print ("
"); // Calc avg rating if ( $leveldata["totalcomments"] > 0 ) $leveldata["avgrating"] = round($leveldata["avgrating"] / $leveldata["totalcomments"]); // Save cache entry level_cache_save( $c, $l, $leveldata ); // Allow overriding level md5 sum in GET parameters $levelmd5 = $curlevelmd5; if ( isset( $_GET["levelmd5"] )) $levelmd5 = $_GET["levelmd5"]; if ($is_user) { $input_name = ''; $input_mail = ''; } else { $input_name = ''; $input_mail = ''; } ?>

Add a comment:

"> ">
Your name
Your email
Difficulty
Rating
Comments

Upload a demofile:

"> ">
Your name >
Your email >
Demofile
Back to level list

"; if ( !$is_admin && !$is_user) { $params = get_params(); print "
admin login
"; } } } close_cache(); ?>
Pingus level comment tool © 2003, 2004 by Jarno Elonen, Licensed under the Modified BSD License