root/dev/common/admin/admin_sync.php @ 192

Revision 192, 6.4 KB (checked in by exi, 15 years ago)

Fixed several potential security issues with unchecked variables.
Added .htaccess files to common/ and mods/.
Modified the sync module to not send item data anymore.

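<?php
/*
 * Admin page: synchronize pilot external ids with the EVE-Dev sync server.
 *
 * On a 'do=sync' request: build a payload of the local pilot names that already
 * carry an external id, deflate it and POST it to KB_SYNCURL; inflate the reply
 * (a list of '!name|externalid-' entries, optionally followed by item prices),
 * write the ids into kb3_pilots and report how many were new; then compare the
 * server's reported version with KB_VERSION to hint at an upgrade.
 * On any other request: render the form that triggers the sync.
 *
 * Everything received from the remote server (body and headers) is treated as
 * untrusted: it is validated/escaped before it reaches SQL or the HTML output.
 */
require_once('common/includes/class.page.php');
require_once('common/includes/class.contract.php');
require_once('common/includes/class.http.php');

$page = new Page();
$page->setAdmin();
$page->setTitle('Administration - Synchronization');

// Page body is accumulated below; start from '' so the first '.=' does not act
// on an undefined variable.
$html = '';

// NOTE(review): the form below uses POST, but the action also fires on a plain
// GET carrying ?do=sync. Reading $_POST here instead of $_REQUEST would remove
// that; kept as $_REQUEST so existing links keep working.
if (isset($_REQUEST['do']) && $_REQUEST['do'] === 'sync')
{
    $http = new http_request(KB_SYNCURL);
    $fp = $http->connect();
    if (!$fp)
    {
        $html .= 'Could not connect to Server:<br/>'."\n";
        $html .= $http->getError();

        $page->addContext($menubox->generate());
        $page->setContent($html);
        $page->generate();
        return;
    }

    // Payload: 'DATA_START' followed by one '!name|externalid-' entry per pilot
    // that already has an external id.
    $content_file = 'DATA_START';
    $qry = new DBQuery();
    $qry->execute("select plt_name, plt_externalid from kb3_pilots where plt_externalid != 0");
    while ($data = $qry->getRow())
    {
        $content_file .= '!'.$data['plt_name'].'|'.$data['plt_externalid'].'-';
    }

    // Item data is no longer sent; only the section marker is appended so the
    // server knows the client wants item prices in the reply.
    $item_update = isset($_REQUEST['itm_update']);
    if ($item_update)
    {
        $content_file .= 'ITEMS_START';
    }

    $content_file = gzdeflate($content_file);

    $http->set_postdata('data', $content_file);
    $http->set_useragent('EVE-KB SYNC (VER '.KB_VERSION.')');
    $http->set_header('X-KBHost: '.base64_encode(KB_HOST));

    // wait 30s for processed answer
    $http->setSockettimeout(30);
    $file = $http->get_content();
    $header = $http->get_header();

    // Server version from the X-KBVersion header. The header may be absent, so
    // default to 0.0.0 to keep the comparisons below defined. Components are
    // cast to int: they are compared numerically and later echoed into HTML,
    // and the header comes from the remote side.
    $version = array(0, 0, 0);
    if (preg_match('/X-KBVersion: (.*)/', (string) $header, $match))
    {
        $version = array_pad(explode('.', trim($match[1])), 3, 0);
    }
    $version = array_map('intval', $version);
    $recv = $http->get_recv();
    $sended = $http->get_sent();

    // the response ($file) contains ids new to us
    // gzinflate() emits a warning on malformed input; the failure is reported
    // to the admin in the branch below, so the warning itself is suppressed.
    $data = @gzinflate($file);
    if ($data === false || $data === '')
    {
        if (!empty($http->status['timed_out']))
        {
            $html .= "Socket request timed out<br/>\n";
            $html .= 'This could mean that the server is not available or overloaded, please try again later<br/>';
        }
        else
        {
            // The raw server response is untrusted; escape it before placing it
            // inside the <pre> block.
            $html .= "getting compressed data failed, server response was:<br><pre>\n";
            $html .= htmlspecialchars((string) $file, ENT_QUOTES)."</pre>\n";
            $html .= 'Sent '.round($sended/1024, 2)." kB and received ".round($recv/1024, 2)." kB of data.<br>\n";
        }
    }
    else
    {
        unset($file);

        // get all names we'll find: each entry is '!name|externalid-'
        preg_match_all('/!(.*?)\|(.*?)-/', $data, $matches);
        $results = count($matches[1]);
        $update = new DBQuery();
        $new = 0;
        for ($i = 0; $i < $results; $i++)
        {
            $externalid = $matches[2][$i];
            // plt_externalid is used numerically (see the '!= 0' filter above);
            // skip anything from the server that is not a plain digit string.
            if (!ctype_digit($externalid))
            {
                continue;
            }
            // MySQL-aware escaping for the name (the connection opened by
            // DBQuery is reused, as mysql_affected_rows() below already assumes).
            $name = mysql_real_escape_string($matches[1][$i]);
            $update->execute("update kb3_pilots set plt_externalid='".$externalid."' where plt_name='".$name."' limit 1");
            if (mysql_affected_rows() == 1)
            {
                $new++;
            }
        }
        $html .= "Synchronization complete, got $new new ids and ".($results - $new)." unknown pilots from server running version ".$version[0].'.'.$version[1].'.'.$version[2].'.<br/>';

        if ($item_update)
        {
            // Item entries are '§name|externalid|value-'
            preg_match_all('/§(.*?)\|(.*?)\|(.*?)-/', $data, $matches);
            unset($data);
            $results = count($matches[1]);
            // Without itm_overwrite only items that still have no value are touched.
            $add_qrystr = isset($_REQUEST['itm_overwrite']) ? '' : ' AND itm_value=0';

            for ($i = 0; $i < $results; $i++)
            {
                $externalid = $matches[2][$i];
                $value = $matches[3][$i];
                // Both columns hold numbers; reject anything else from the server.
                if (!ctype_digit($externalid) || !is_numeric($value))
                {
                    continue;
                }
                $name = mysql_real_escape_string($matches[1][$i]);
                $update->execute("update kb3_items set itm_externalid='".$externalid."', itm_value='".$value."' where itm_name='".$name."'".$add_qrystr." limit 1");
            }
            if ($results == 0)
            {
                $html .= 'No items fetched, itm_sync_module may be offline.<br/>';
            }
            else
            {
                $html .= $results.' item prices have been fetched.<br/>';
            }
        }

        $html .= "Sent ".round($sended/1024, 2)." kB and received ".round($recv/1024, 2)." kB of data.<br>\n";
        $html .= '<a href="?a=admin_sync">Back</a>';

        // check for updates here
        // we might move this to a new/second point some time
        // Odd minor numbers are dev versions: for those, only flag an upgrade
        // if a newer release minor exists below the dev version.
        $ownversion = array_map('intval', array_pad(explode('.', KB_VERSION), 3, 0));
        $upgrade = false;
        if ($version[1] > $ownversion[1])
        {
            if ($version[1] % 2 == 1)
            {
                // test for new minor updates below the dev-version
                $upgrade = ($version[1] - 1 > $ownversion[1]);
            }
            else
            {
                // we get here in case there is a new minor version thats not a dev
                $upgrade = true;
            }
        }
        if ($version[0] > $ownversion[0] || $upgrade)
        {
            $html .= "Looks like your Killboard version is pretty old, perhaps you want to upgrade it ?<br/>\n";
            $html .= "Check the <a href='http://www.eve-dev.net/forums/viewforum.php?f=2'>EVE-Dev Forums</a> for new releases and additional information<br>\n";
        }
    }
}
else
{
    $html .= 'You can synchronize your external characterids for the portrait generation with the EVE-Dev.org-Server here.<br>';
    $html .= 'Your Server will try to contact <i>"'.KB_SYNCURL.'"</i> to exchange the data.<br>';
    $html .= 'One synchronization every one or two weeks should be enough.<br>';
    $html .= 'Please don\'t abuse this free service!<br>';
    $html .= '<form id="options" name="options" method="post" action="?a=admin_sync">';
    $html .= "<table class=kb-subtable>";
    $html .= "<tr><td width=120><b>Update item values</b></td><td><input type=checkbox name=itm_update id=itm_update";
    $html .= " ></td></tr>";
    $html .= "<tr><td width=120><b>Overwrite local values</b></td><td><input type=checkbox name=itm_overwrite id=itm_overwrite";
    $html .= " >(If disabled only values with 0 will be overwritten)</td></tr>";
    $html .= '<input type="hidden" name="do" value="sync">';
    $html .= '<tr><td width=120></td><td><input type=submit name=submit value="Synchronize now"></td></tr></table></form>';
}
$page->addContext($menubox->generate());
$page->setContent($html);
$page->generate();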