-
Notifications
You must be signed in to change notification settings - Fork 0
/
create_guest.php
56 lines (34 loc) · 1.17 KB
/
create_guest.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<?php
require_once dirname(__FILE__).'/libs/config.php';
//error_reporting(E_ALL);
//ini_set('display_errors','1');
_require_login();
if(!empty($_POST['action'])) {
$user = _get_user_array();
if(!$user['can_create_guests']){
echo 'Not authorized';
exit;
}
switch ($_POST['action']) {
case 'create':
$expires_hours = intval($_POST['expires']);
$remaining_actions = intval($_POST['remaining_actions']);
if($remaining_actions < -1 || $remaining_actions > 100)
$remaining_actions = -1;
if($expires_hours < 1 || $expires_hours > 168)
$expires_hours = 1;
$hash = md5($user['id']." SECRET ".microtime()."AA".$expires_hours."XX".$remaining_actions);
$db->query('INSERT INTO guests SET user_id=#, hash=?, expires=DATE_ADD(NOW(), INTERVAL # HOUR ), remaining_actions=#',$user['id'], $hash, $expires_hours, $remaining_actions);
$smarty->assign('success_link', 'https://'.$_SERVER['HTTP_HOST'].'/?guest='.$hash);
break;
}
}
$user = _get_user_array();
if(!$user['can_create_guests']){
echo 'Not authorized';
exit;
}
$smarty->assign('user', $user);
$smarty->assign('permissions', _get_permissions());
$smarty->display('create_guest.tpl');
?>