Issues in index.php (master) - Issues in master - Cyberbyte-Studios/CyberWorks - Measure and Improve Code Quality continuously with Scrutinizer

Issues (501)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

index.php (2 issues)

Labels

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
error_reporting(0);
//error_reporting(E_ALL); // Turn on for error messages

session_name('CyberWorks');
session_set_cookie_params(1209600);
session_start();

require_once("classes/csrf.php");
ob_start();

if (version_compare(PHP_VERSION, '5.3.7', '<')) {
    errorMessage(1, $lang);
} else if (version_compare(PHP_VERSION, '5.5.0', '<')) {
    require_once("classes/password.php");
}

if (file_exists('config/settings.php')) {
    $settings = require_once 'config/settings.php';

    if (isset($settings['playerColumn'])) {
        $playerIdColumn = $settings['playerColumn'];
    } else {
        $playerIdColumn = 'playerid';
    }

    require_once("classes/login.php");
    $login = new Login();

    require_once("classes/googleAuth.php");
    $gauth = new PHPGangsta_GoogleAuthenticator();

    if ($settings['language'] == 'en') {
        include_once('config/english.php');        
    } else if ($settings['language'] == 'de') {
        include_once('config/german.php');        
    } else if ($settings['language'] == 'fr') {
        include_once('config/french.php');
    }

    foreach ($settings['plugins'] as &$plugin) {
        if (file_exists("plugins/" . $plugin . "/lang/lang.php")) {
            include("plugins/" . $plugin . "/lang/lang.php");
        }
    }

    if (file_exists('views/debug')) {
        include("views/debug/init.php");
    } else {
        $debug = false;
    }

    if (isset($_GET['searchText'])) {
        $search = $_GET['searchText'];
    }
    require_once("gfunctions.php");

    include "classes/update.php";

    $url = (parse_url($_SERVER['REQUEST_URI']));
    $url['path'] = str_replace('.php', '', $url['path']);
    $url['path'] = explode('/', $url['path']);

    $url['path'][$settings['base']] = strtolower($url['path'][$settings['base']]);
    if (count($url['path']) > $settings['base'] + 1 && $url['path'][$settings['base'] + 1] <> '') {
        $query = true;
        $url['path'][$settings['base'] + 1] = str_replace("%20", " ", $url['path'][$settings['base'] + 1]);
    } else {
        $query = false;
    }

    $db_connection = masterConnect();
    $currentPage = $url['path'][$settings['base']];

    if (isset($_GET["page"])) {
        $pageNum = clean($_GET["page"], 'int');
        if ($pageNum < 1) {
            $pageNum = 1;
        }
    } else {
        $pageNum = 1;
    }

    $key = 0;
    foreach ($settings['plugins'] as &$plugin) {
        if (file_exists("plugins/" . $plugin . "/plugin.json")) {
            if (file_exists("plugins/" . $plugin . "/init.php")) {
                include("plugins/" . $plugin . "/init.php");
            }
        } else {
            if (array_count_values($settings['plugins']) <= 1) {
                $settings['plugins'] = array();
            } else {
                unset($settings['plugins'][$key]);
            } //todo: lang support when deleted

        }
        $key++;
    }

    if (!$db_connection->connect_errno) {
        if ($login->isUserLoggedIn() == true) {


           if ($_SESSION['multiDB'] && isset($_POST['dbid']) && isset($_POST['type'])) {
                $_SESSION['server_type'] = $_POST['type'];
                $_SESSION['dbid'] = $_POST['dbid'];
            }

            if (!isset($_SESSION['formtoken'])) {
                formtoken::generateToken();
            }
            if ($_SESSION['formtoken'][1] < time() - 600) {
                formtoken::generateToken();
            }
            $_SESSION['formtoken'][1] = time();

            if (isset($_GET['items'])) {
                if (in_array($_GET['items'],$settings['item'])) {
                    $sql = "UPDATE `users` SET `items` = " . $_GET['items'] . " WHERE `user_id` = '" . $_SESSION['user_id'] . "';";
                    $db_connection->query($sql);
                    $_SESSION['items'] = intval($_GET['items']);
                }
            }

            $err = errorMessage(4, $lang);
            $page = "views/templates/error.php";

            if ($currentPage == '' || $currentPage == 'index' || $currentPage == 'dashboard') {
                if (isset($_SESSION['server_type'])) {
                    if ($_SESSION['server_type'] == 'life') {
                        if ($_SESSION['steamsignon'] || $_SESSION['user_level'] == 1) {
                            $page = "views/steam/life/dashboard.php";
                        } else {
                            $page = "views/life/dashboard.php";
                        }
                    } elseif ($_SESSION['server_type'] == 'waste') {
                        if ($_SESSION['steamsignon'] || $_SESSION['user_level'] == 1) {
                            $page = "views/steam/waste/dashboard.php";
                        } else {
                            $page = "views/waste/dashboard.php";
                        }
                    } elseif (isset($_SESSION['user_email'])) {
                        if ($_SESSION['user_level'] == 1) {
                            $page = "views/steam/dashboard.php";
                        } else {
                            $page = "views/core/dashboard.php";
                        }
                    } else {
                        $page = "views/steam/dashboard.php";
                    }
                } elseif (isset($_SESSION['user_email'])) {
                    if ($_SESSION['user_level'] == 1) {
                        $page = "views/steam/dashboard.php";
                    } else {
                        $page = "views/core/dashboard.php";
                    }
                } else {
                    $page = "views/steam/dashboard.php";
                }
            } elseif (isset($_SESSION['server_type'])) {
                if ($_SESSION['server_type'] == 'life' && !$_SESSION['steamsignon']) {

                    if ($currentPage == 'messages') {
                        if ($settings['sql_phone']) {
                            if ($_SESSION['permissions']['view']['messages']) {
                                if ($query) {
                                    $search = $url['path'][$settings['base'] + 1];
                                }
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                                $page = "views/life/messages.php";
                            } else {
                                $err = errorMessage(5, $lang);
                                $page = "views/templates/error.php";
                                logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'messages'", 3);
                            }
                        }

                    } elseif ($currentPage == 'players') {
                        if ($_SESSION['permissions']['view']['player']) {
                            if ($query) {
                                $search = $url['path'][$settings['base'] + 1];
                            }
                            logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                            $page = "views/life/players.php";
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'players'", 3);
                        }

                    } elseif ($currentPage == 'editplayer') {
                        if ($_SESSION['permissions']['edit']['player']) {
                            if ($query) {
                                $uID = $url['path'][$settings['base'] + 1];
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                                $page = "views/life/editPlayer.php";
                            } else {
                                $err = errorMessage(8, $lang);
                                $page = "views/templates/error.php";
                            }
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                        }

                    } elseif ($currentPage == 'vehicles') {
                        if ($_SESSION['permissions']['view']['vehicles']) {
                            if ($query) {
                                $search = $url['path'][$settings['base'] + 1];
                            }
                            logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                            $page = "views/life/vehicles.php";
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'vehicles'", 3);
                        }

                    } elseif ($currentPage == 'editveh') {
                        if ($_SESSION['permissions']['edit']['vehicles']) {
                            if ($query) {
                                $vehID = $url['path'][$settings['base'] + 1];
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                                $page = "views/life/editVeh.php";
                            } else {
                                $err = errorMessage(8, $lang);
                                $page = "views/templates/error.php";
                            }
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editVeh'", 3);
                        }

                    } elseif ($currentPage == 'medic') {
                        if ($_SESSION['permissions']['view']['player']) {
                            if ($query) {
                                $search = $url['path'][$settings['base'] + 1];
                            }
                            logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                            $page = "views/life/medics.php";
                        }
                    } elseif ($currentPage == 'admins') {
                        if ($_SESSION['permissions']['view']['player']) {
                            if ($query) {
                                $search = $url['path'][$settings['base'] + 1];
                            }
                            logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                            $page = "views/life/admins.php";
                        }
                    }  elseif ($currentPage == 'police') {
                        if ($_SESSION['permissions']['view']['player']) {
                            if ($query) {
                                $search = $url['path'][$settings['base'] + 1];
                            }
                            logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                            $page = "views/life/police.php";
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'houses'", 3);
                        }

                    } elseif ($currentPage == 'houses') {
                        if ($_SESSION['permissions']['view']['houses']) {
                            if ($query) {
                                $search = $url['path'][$settings['base'] + 1];
                            }
                            logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                            $page = "views/life/houses.php";
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'houses'", 3);
                        }

                    } elseif ($currentPage == 'edithouse') {
                        if ($_SESSION['permissions']['edit']['houses']) {
                            if ($query) {
                                $hID = $url['path'][$settings['base'] + 1];
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                                $page = "views/life/editHouse.php";
                            } else {
                                $err = errorMessage(8, $lang);
                                $page = "views/templates/error.php";
                            }
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editHouse'", 3);
                        }

                    } elseif ($currentPage == 'gangs') {
                        if ($_SESSION['permissions']['view']['gangs']) {
                            if ($query) {
                                $search = $url['path'][$settings['base'] + 1];
                            }
                            logAction($_SESSION['user_name'], $lang['visited'] . " 'gangs'", 1);
                            $page = "views/life/gangs.php";
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'gangs'", 3);
                        }

                    } elseif ($currentPage == 'editgang') {
                        if ($_SESSION['permissions']['edit']['gangs']) {
                            if ($query) {
                                $gID = $url['path'][$settings['base'] + 1];
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                                $page = "views/life/editGang.php";
                            } else {
                                $err = errorMessage(8, $lang);
                                $page = "views/templates/error.php";
                            }
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editGang'", 3);
                        }

                    } elseif ($currentPage == 'wanted') {
                        if ($_SESSION['permissions']['view']['wanted']) {
                            if ($query) {
                                $search = $url['path'][$settings['base'] + 1];
                            }
                            logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                            $page = "views/life/wanted.php";
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'wanted'", 3);
                        }

                    } elseif ($currentPage == 'editwanted') {
                        if ($_SESSION['permissions']['edit']['wanted']) {
                            if ($query) {
                                $wantedID = $url['path'][$settings['base'] + 1];
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                                $page = "views/life/editWanted.php";
                            } else {
                                $err = errorMessage(8, $lang);
                                $page = "views/templates/error.php";
                            }
                        } else {
                            $err = errorMessage(5, $lang);
                            $page = "views/templates/error.php";
                            logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editWanted'", 3);
                        }
                    }

                } elseif ($_SESSION['server_type'] == 'life' && $_SESSION['steamsignon'] || $_SESSION['user_level'] == 1) {
                    if ($currentPage == 'cars') {
                        $page = "views/steam/life/cars.php";
                    } elseif ($currentPage == 'houses') {
                        $page = "views/steam/life/houses.php";
                    } elseif ($currentPage == 'editveh') {
                        if ($query) {
                            $vehID = $url['path'][$settings['base'] + 1];
                            logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                            $page = "views/steam/life/editVeh.php";
                        } else {
                            $err = errorMessage(8, $lang);
                            $page = "views/templates/error.php";
                        }
                    } elseif ($currentPage == 'edithouse') {
                        if ($query) {
                            $hID = $url['path'][$settings['base'] + 1];
                            logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
                            $page = "views/steam/life/editHouse.php";
                        } else {
                            $err = errorMessage(8, $lang);
                            $page = "views/templates/error.php";
                        }
                    }
                }
            }
            if ($currentPage == 'newdb' || $currentPage == 'newserver' || $currentPage == 'settings' || $currentPage == 'editstaff' || $currentPage == 'staff' || $currentPage == 'pluginstore' || $currentPage == 'newuser' || $currentPage == 'logs') {
                if (isset($_POST['passTest'])) {
                    $sql = "SELECT user_password_hash FROM users WHERE user_id = '" . $_SESSION['user_id'] . "';";
                    $pass = $db_connection->query($sql)->fetch_object()->user_password_hash;
                    if (password_verify($_POST['passTest'], $pass)) {
                        $_SESSION['sudo'] = time();
                    } else {
                        message($lang['incorrectPass']);
                    }
                }
                if ($_SESSION['sudo'] + 10800 < time()) {
                        $page = "views/core/sudo.php";
                    } else {
                        if ($currentPage == 'newdb') {
                            if ($_SESSION['permissions']['super_admin']) {
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                                $page = "views/core/newDB.php";
                            } else {
                                $err = errorMessage(5, $lang);
                                $page = "views/templates/error.php";
                                logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'newDB'", 3);
                            }
                        } elseif ($currentPage == 'newserver') {
                            if ($_SESSION['permissions']['super_admin']) {
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                                $page = "views/core/newServer.php";
                            } else {
                                $err = errorMessage(5, $lang);
                                $page = "views/templates/error.php";
                                logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'newServer'", 3);
                            }

                        } elseif ($currentPage == 'settings') {
                            if ($_SESSION['permissions']['super_admin']) {
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                                $page = "views/core/settings.php";
                            } else {
                                $err = errorMessage(5, $lang);
                                $page = "views/templates/error.php";
                                logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'settings'", 3);
                            }

                        } elseif ($currentPage == 'editstaff') {
                            if ($_SESSION['permissions']['edit']['staff']) {
                                if ($query) {
                                    $uId = $url['path'][$settings['base'] + 1];
                                    logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                                    $page = "views/core/editStaff.php";
                                } else {
                                    $err = errorMessage(8, $lang);
                                    $page = "views/templates/error.php";
                                }
                            } else {
                                $err = errorMessage(5, $lang); $page = "views/templates/error.php";
                                logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editStaff'", 3);
                            }
                        } elseif ($currentPage == 'staff') {
                            if ($_SESSION['permissions']['view']['staff']) {
                                if ($query) {
                                    $search = $url['path'][$settings['base'] + 1];
                                }
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                                $page = "views/core/staff.php";
                            } else {
                                $err = errorMessage(5, $lang); $page = "views/templates/error.php";
                                logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'staff'", 3);
                            }

                        } elseif ($currentPage == 'pluginstore') {
                            if ($_SESSION['permissions']['super_admin']) {
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                                $page = "views/core/pluginstore.php";
                            } else {
                                $err = errorMessage(5, $lang); $page = "views/templates/error.php";
                                logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'pluginstore'", 3);
                            }

                        } elseif ($currentPage == 'newuser') {
                            if ($_SESSION['permissions']['edit']['staff']) {
                                require_once("classes/registration.php");
                                $registration = new Registration();
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                                $page = "views/core/newUser.php";
                            } else {
                                $err = errorMessage(5, $lang); $page = "views/templates/error.php";
                                logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'newUser'", 3);
                            }

                        } elseif ($currentPage == 'logs' && $settings['logging']) {
                            if ($_SESSION['permissions']['view']['logs']) {
                                if ($query) {
                                    $search = $url['path'][$settings['base'] + 1];
                                }
                                logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                                $page = "views/core/logs.php";
                            } else {
                                $err = errorMessage(5, $lang); $page = "views/templates/error.php";
                                logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'noPerm'", 3);
                            }
                        }
                    }
            }

            if ($currentPage == 'curplayers') {
                if ($_SESSION['permissions']['view']['curplayer']) {
                    if ($query) {
                        $sid = $url['path'][$settings['base'] + 1];
                        logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                        $page = "views/core/curPlayers.php";
                    } else {
                        $err = errorMessage(8, $lang);
                        $page = "views/templates/error.php";
                    }
                }
            } elseif ($currentPage == 'servers') {
                if ($_SESSION['permissions']['super_admin']) {
                    logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                    $page = "views/core/servers.php";
                }
            } elseif ($currentPage == 'editserver') {
                if ($_SESSION['permissions']['super_admin']) {
                    if ($query) {
                        $id = $url['path'][$settings['base'] + 1];
                        logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
                        $page = "views/core/editServer.php";
                    } else {$err = errorMessage(8, $lang); $page = "views/templates/error.php"; }
                } else {$err = errorMessage(5, $lang); $page = "views/templates/error.php"; }
            }
            foreach ($settings['plugins'] as &$plugin) {
                if (file_exists("plugins/" . $plugin . "/pageRules.php")) {
                    include("plugins/" . $plugin . "/pageRules.php");
                }
            }

            if ($currentPage == '2factor' && isset($_SESSION['user_email'])) {
                $page = 'views/core/2factor.php';
            } elseif ($currentPage == 'donate') {
                $page = 'views/core/donate.php';
            }

            if ($currentPage == 'profile') {
                if (isset($_SESSION['user_email'])) {
                    $page = "views/core/profile.php";
                }
            }

            if ($currentPage == 'register') {
                if ($settings['register']) {
                    require_once("classes/GuestReg.php");
                    $GuestReg = new GuestReg();
                    $page = "views/core/register.php";
                }
            }
            if ($settings['2factor']) {
                if ($_SESSION['2factor'] == 0) {
                if ($settings['force2factor'] == 'steam') {
                    if (!$_SESSION['steamsignon']) $_SESSION['2factor'] == 5;
                } elseif ($settings['force2factor'] == 'all') $_SESSION['2factor'] == 5;
                    $page = 'views/core/2factor.php';
                } elseif ($_SESSION['2factor'] == 1 || $_SESSION['2factor'] == 3) {
                if (isset($_POST['code'])) {
                    $sql = "SELECT `twoFactor` FROM `users` WHERE `user_id` = '" . $_SESSION['user_id'] . "';";
                    $user = $db_connection->query($sql)->fetch_object();
                    if ($gauth->verifyCode($user->twoFactor, $_POST['code'])) $_SESSION['2factor'] = 2;
                    else {
                    $sql = "SELECT `backup` FROM `users` WHERE `user_id` = '" . $_SESSION['user_id'] . "';";
                    $user = $db_connection->query($sql)->fetch_object();
                    if ($user->backup == $_POST['code']) {
                        $_SESSION['2factor'] = 2;
                    } else {
                        $_SESSION['2factor'] = 3;
                        $page = 'views/core/2factor.php';
                    }
                    }
                } else $page = 'views/core/2factor.php';
                }
            }

            if ($debug) {
                if ($currentPage == 'debug') {
                    $page = "views/debug/debug.php";
                } elseif ($currentPage == 'phpinfo') {
                    $page = "views/debug/phpinfo.php";
                } elseif ($currentPage == 'debuglogs') {
                    $page = "views/debug/logs.php";
                } elseif ($currentPage == 'phplogs') {
                    $page = "views/debug/phplogs.php";
                }
            }
            include("views/templates/template.php");
        } else {
            include("views/core/login.php");
        }
    } else {
        $err = errorMessage(2, $lang);
    }
} else {
    include ('views/firstTime.php');
}


1		<?php
2		error_reporting(0);
3		//error_reporting(E_ALL); // Turn on for error messages
4
5		session_name('CyberWorks');
6		session_set_cookie_params(1209600);
7		session_start();
8
9		require_once("classes/csrf.php");
10		ob_start();
11
12		if (version_compare(PHP_VERSION, '5.3.7', '<')) {
13		errorMessage(1, $lang);
14		} else if (version_compare(PHP_VERSION, '5.5.0', '<')) {
15		require_once("classes/password.php");
16		}
17
18		if (file_exists('config/settings.php')) {
19		$settings = require_once 'config/settings.php';
20
21		if (isset($settings['playerColumn'])) {
22		$playerIdColumn = $settings['playerColumn'];
23		} else {
24		$playerIdColumn = 'playerid';
25		}
26
27		require_once("classes/login.php");
28		$login = new Login();
29
30		require_once("classes/googleAuth.php");
31		$gauth = new PHPGangsta_GoogleAuthenticator();
32
33		if ($settings['language'] == 'en') {
34		include_once('config/english.php');
35		} else if ($settings['language'] == 'de') {
36		include_once('config/german.php');
37		} else if ($settings['language'] == 'fr') {
38		include_once('config/french.php');
39		}
40
41	View Code Duplication	foreach ($settings['plugins'] as &$plugin) {
42		if (file_exists("plugins/" . $plugin . "/lang/lang.php")) {
43		include("plugins/" . $plugin . "/lang/lang.php");
44		}
45		}
46
47		if (file_exists('views/debug')) {
48		include("views/debug/init.php");
49		} else {
50		$debug = false;
51		}
52
53		if (isset($_GET['searchText'])) {
54		$search = $_GET['searchText'];
55		}
56		require_once("gfunctions.php");
57
58		include "classes/update.php";
59
60		$url = (parse_url($_SERVER['REQUEST_URI']));
61		$url['path'] = str_replace('.php', '', $url['path']);
62		$url['path'] = explode('/', $url['path']);
63
64		$url['path'][$settings['base']] = strtolower($url['path'][$settings['base']]);
65		if (count($url['path']) > $settings['base'] + 1 && $url['path'][$settings['base'] + 1] <> '') {
66		$query = true;
67		$url['path'][$settings['base'] + 1] = str_replace("%20", " ", $url['path'][$settings['base'] + 1]);
68		} else {
69		$query = false;
70		}
71
72		$db_connection = masterConnect();
73		$currentPage = $url['path'][$settings['base']];
74
75		if (isset($_GET["page"])) {
76		$pageNum = clean($_GET["page"], 'int');
77		if ($pageNum < 1) {
78		$pageNum = 1;
79		}
80		} else {
81		$pageNum = 1;
82		}
83
84		$key = 0;
85		foreach ($settings['plugins'] as &$plugin) {
86		if (file_exists("plugins/" . $plugin . "/plugin.json")) {
87		if (file_exists("plugins/" . $plugin . "/init.php")) {
88		include("plugins/" . $plugin . "/init.php");
89		}
90		} else {
91		if (array_count_values($settings['plugins']) <= 1) {
92		$settings['plugins'] = array();
93		} else {
94		unset($settings['plugins'][$key]);
95		} //todo: lang support when deleted
		0 ignored issues – show Coding Style Best Practice introduced 2015-12-23 09:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker. Loading history...
96		}
97		$key++;
98		}
99
100		if (!$db_connection->connect_errno) {
101		if ($login->isUserLoggedIn() == true) {
		0 ignored issues – show Coding Style Best Practice introduced 2015-12-23 09:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are loosely comparing two booleans. Considering using the strict comparison `===` instead. When comparing two booleans, it is generally considered safer to use the strict comparison operator. Loading history...
102
103		if ($_SESSION['multiDB'] && isset($_POST['dbid']) && isset($_POST['type'])) {
104		$_SESSION['server_type'] = $_POST['type'];
105		$_SESSION['dbid'] = $_POST['dbid'];
106		}
107
108		if (!isset($_SESSION['formtoken'])) {
109		formtoken::generateToken();
110		}
111		if ($_SESSION['formtoken'][1] < time() - 600) {
112		formtoken::generateToken();
113		}
114		$_SESSION['formtoken'][1] = time();
115
116		if (isset($_GET['items'])) {
117		if (in_array($_GET['items'],$settings['item'])) {
118		$sql = "UPDATE `users` SET `items` = " . $_GET['items'] . " WHERE `user_id` = '" . $_SESSION['user_id'] . "';";
119		$db_connection->query($sql);
120		$_SESSION['items'] = intval($_GET['items']);
121		}
122		}
123
124		$err = errorMessage(4, $lang);
125		$page = "views/templates/error.php";
126
127		if ($currentPage == '' \|\| $currentPage == 'index' \|\| $currentPage == 'dashboard') {
128		if (isset($_SESSION['server_type'])) {
129		if ($_SESSION['server_type'] == 'life') {
130	View Code Duplication	if ($_SESSION['steamsignon'] \|\| $_SESSION['user_level'] == 1) {
131		$page = "views/steam/life/dashboard.php";
132		} else {
133		$page = "views/life/dashboard.php";
134		}
135		} elseif ($_SESSION['server_type'] == 'waste') {
136	View Code Duplication	if ($_SESSION['steamsignon'] \|\| $_SESSION['user_level'] == 1) {
137		$page = "views/steam/waste/dashboard.php";
138		} else {
139		$page = "views/waste/dashboard.php";
140		}
141	View Code Duplication	} elseif (isset($_SESSION['user_email'])) {
142		if ($_SESSION['user_level'] == 1) {
143		$page = "views/steam/dashboard.php";
144		} else {
145		$page = "views/core/dashboard.php";
146		}
147		} else {
148		$page = "views/steam/dashboard.php";
149		}
150	View Code Duplication	} elseif (isset($_SESSION['user_email'])) {
151		if ($_SESSION['user_level'] == 1) {
152		$page = "views/steam/dashboard.php";
153		} else {
154		$page = "views/core/dashboard.php";
155		}
156		} else {
157		$page = "views/steam/dashboard.php";
158		}
159		} elseif (isset($_SESSION['server_type'])) {
160		if ($_SESSION['server_type'] == 'life' && !$_SESSION['steamsignon']) {
161
162		if ($currentPage == 'messages') {
163		if ($settings['sql_phone']) {
164		if ($_SESSION['permissions']['view']['messages']) {
165		if ($query) {
166		$search = $url['path'][$settings['base'] + 1];
167		}
168		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
169		$page = "views/life/messages.php";
170		} else {
171		$err = errorMessage(5, $lang);
172		$page = "views/templates/error.php";
173		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'messages'", 3);
174		}
175		}
176
177		} elseif ($currentPage == 'players') {
178		if ($_SESSION['permissions']['view']['player']) {
179		if ($query) {
180		$search = $url['path'][$settings['base'] + 1];
181		}
182		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
183		$page = "views/life/players.php";
184		} else {
185		$err = errorMessage(5, $lang);
186		$page = "views/templates/error.php";
187		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'players'", 3);
188		}
189
190	View Code Duplication	} elseif ($currentPage == 'editplayer') {
191		if ($_SESSION['permissions']['edit']['player']) {
192		if ($query) {
193		$uID = $url['path'][$settings['base'] + 1];
194		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
195		$page = "views/life/editPlayer.php";
196		} else {
197		$err = errorMessage(8, $lang);
198		$page = "views/templates/error.php";
199		}
200		} else {
201		$err = errorMessage(5, $lang);
202		$page = "views/templates/error.php";
203		}
204
205		} elseif ($currentPage == 'vehicles') {
206		if ($_SESSION['permissions']['view']['vehicles']) {
207		if ($query) {
208		$search = $url['path'][$settings['base'] + 1];
209		}
210		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
211		$page = "views/life/vehicles.php";
212		} else {
213		$err = errorMessage(5, $lang);
214		$page = "views/templates/error.php";
215		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'vehicles'", 3);
216		}
217
218		} elseif ($currentPage == 'editveh') {
219		if ($_SESSION['permissions']['edit']['vehicles']) {
220		if ($query) {
221		$vehID = $url['path'][$settings['base'] + 1];
222		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
223		$page = "views/life/editVeh.php";
224		} else {
225		$err = errorMessage(8, $lang);
226		$page = "views/templates/error.php";
227		}
228		} else {
229		$err = errorMessage(5, $lang);
230		$page = "views/templates/error.php";
231		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editVeh'", 3);
232		}
233
234		} elseif ($currentPage == 'medic') {
235		if ($_SESSION['permissions']['view']['player']) {
236		if ($query) {
237		$search = $url['path'][$settings['base'] + 1];
238		}
239		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
240		$page = "views/life/medics.php";
241		}
242		} elseif ($currentPage == 'admins') {
243		if ($_SESSION['permissions']['view']['player']) {
244		if ($query) {
245		$search = $url['path'][$settings['base'] + 1];
246		}
247		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
248		$page = "views/life/admins.php";
249		}
250		} elseif ($currentPage == 'police') {
251		if ($_SESSION['permissions']['view']['player']) {
252		if ($query) {
253		$search = $url['path'][$settings['base'] + 1];
254		}
255		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
256		$page = "views/life/police.php";
257		} else {
258		$err = errorMessage(5, $lang);
259		$page = "views/templates/error.php";
260		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'houses'", 3);
261		}
262
263		} elseif ($currentPage == 'houses') {
264		if ($_SESSION['permissions']['view']['houses']) {
265		if ($query) {
266		$search = $url['path'][$settings['base'] + 1];
267		}
268		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
269		$page = "views/life/houses.php";
270		} else {
271		$err = errorMessage(5, $lang);
272		$page = "views/templates/error.php";
273		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'houses'", 3);
274		}
275
276		} elseif ($currentPage == 'edithouse') {
277		if ($_SESSION['permissions']['edit']['houses']) {
278		if ($query) {
279		$hID = $url['path'][$settings['base'] + 1];
280		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
281		$page = "views/life/editHouse.php";
282		} else {
283		$err = errorMessage(8, $lang);
284		$page = "views/templates/error.php";
285		}
286		} else {
287		$err = errorMessage(5, $lang);
288		$page = "views/templates/error.php";
289		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editHouse'", 3);
290		}
291
292		} elseif ($currentPage == 'gangs') {
293		if ($_SESSION['permissions']['view']['gangs']) {
294		if ($query) {
295		$search = $url['path'][$settings['base'] + 1];
296		}
297		logAction($_SESSION['user_name'], $lang['visited'] . " 'gangs'", 1);
298		$page = "views/life/gangs.php";
299		} else {
300		$err = errorMessage(5, $lang);
301		$page = "views/templates/error.php";
302		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'gangs'", 3);
303		}
304
305		} elseif ($currentPage == 'editgang') {
306		if ($_SESSION['permissions']['edit']['gangs']) {
307		if ($query) {
308		$gID = $url['path'][$settings['base'] + 1];
309		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
310		$page = "views/life/editGang.php";
311		} else {
312		$err = errorMessage(8, $lang);
313		$page = "views/templates/error.php";
314		}
315		} else {
316		$err = errorMessage(5, $lang);
317		$page = "views/templates/error.php";
318		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editGang'", 3);
319		}
320
321		} elseif ($currentPage == 'wanted') {
322		if ($_SESSION['permissions']['view']['wanted']) {
323		if ($query) {
324		$search = $url['path'][$settings['base'] + 1];
325		}
326		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
327		$page = "views/life/wanted.php";
328		} else {
329		$err = errorMessage(5, $lang);
330		$page = "views/templates/error.php";
331		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'wanted'", 3);
332		}
333
334		} elseif ($currentPage == 'editwanted') {
335		if ($_SESSION['permissions']['edit']['wanted']) {
336		if ($query) {
337		$wantedID = $url['path'][$settings['base'] + 1];
338		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
339		$page = "views/life/editWanted.php";
340		} else {
341		$err = errorMessage(8, $lang);
342		$page = "views/templates/error.php";
343		}
344		} else {
345		$err = errorMessage(5, $lang);
346		$page = "views/templates/error.php";
347		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editWanted'", 3);
348		}
349		}
350
351		} elseif ($_SESSION['server_type'] == 'life' && $_SESSION['steamsignon'] \|\| $_SESSION['user_level'] == 1) {
352		if ($currentPage == 'cars') {
353		$page = "views/steam/life/cars.php";
354		} elseif ($currentPage == 'houses') {
355		$page = "views/steam/life/houses.php";
356		} elseif ($currentPage == 'editveh') {
357		if ($query) {
358		$vehID = $url['path'][$settings['base'] + 1];
359		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
360		$page = "views/steam/life/editVeh.php";
361		} else {
362		$err = errorMessage(8, $lang);
363		$page = "views/templates/error.php";
364		}
365		} elseif ($currentPage == 'edithouse') {
366		if ($query) {
367		$hID = $url['path'][$settings['base'] + 1];
368		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 1);
369		$page = "views/steam/life/editHouse.php";
370		} else {
371		$err = errorMessage(8, $lang);
372		$page = "views/templates/error.php";
373		}
374		}
375		}
376		}
377		if ($currentPage == 'newdb' \|\| $currentPage == 'newserver' \|\| $currentPage == 'settings' \|\| $currentPage == 'editstaff' \|\| $currentPage == 'staff' \|\| $currentPage == 'pluginstore' \|\| $currentPage == 'newuser' \|\| $currentPage == 'logs') {
378		if (isset($_POST['passTest'])) {
379		$sql = "SELECT user_password_hash FROM users WHERE user_id = '" . $_SESSION['user_id'] . "';";
380		$pass = $db_connection->query($sql)->fetch_object()->user_password_hash;
381		if (password_verify($_POST['passTest'], $pass)) {
382		$_SESSION['sudo'] = time();
383		} else {
384		message($lang['incorrectPass']);
385		}
386		}
387		if ($_SESSION['sudo'] + 10800 < time()) {
388		$page = "views/core/sudo.php";
389		} else {
390		if ($currentPage == 'newdb') {
391		if ($_SESSION['permissions']['super_admin']) {
392		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
393		$page = "views/core/newDB.php";
394		} else {
395		$err = errorMessage(5, $lang);
396		$page = "views/templates/error.php";
397		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'newDB'", 3);
398		}
399		} elseif ($currentPage == 'newserver') {
400		if ($_SESSION['permissions']['super_admin']) {
401		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
402		$page = "views/core/newServer.php";
403		} else {
404		$err = errorMessage(5, $lang);
405		$page = "views/templates/error.php";
406		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'newServer'", 3);
407		}
408
409		} elseif ($currentPage == 'settings') {
410		if ($_SESSION['permissions']['super_admin']) {
411		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
412		$page = "views/core/settings.php";
413		} else {
414		$err = errorMessage(5, $lang);
415		$page = "views/templates/error.php";
416		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'settings'", 3);
417		}
418
419		} elseif ($currentPage == 'editstaff') {
420		if ($_SESSION['permissions']['edit']['staff']) {
421		if ($query) {
422		$uId = $url['path'][$settings['base'] + 1];
423		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
424		$page = "views/core/editStaff.php";
425		} else {
426		$err = errorMessage(8, $lang);
427		$page = "views/templates/error.php";
428		}
429		} else {
430		$err = errorMessage(5, $lang); $page = "views/templates/error.php";
431		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'editStaff'", 3);
432		}
433		} elseif ($currentPage == 'staff') {
434		if ($_SESSION['permissions']['view']['staff']) {
435		if ($query) {
436		$search = $url['path'][$settings['base'] + 1];
437		}
438		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
439		$page = "views/core/staff.php";
440		} else {
441		$err = errorMessage(5, $lang); $page = "views/templates/error.php";
442		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'staff'", 3);
443		}
444
445		} elseif ($currentPage == 'pluginstore') {
446		if ($_SESSION['permissions']['super_admin']) {
447		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
448		$page = "views/core/pluginstore.php";
449		} else {
450		$err = errorMessage(5, $lang); $page = "views/templates/error.php";
451		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'pluginstore'", 3);
452		}
453
454		} elseif ($currentPage == 'newuser') {
455		if ($_SESSION['permissions']['edit']['staff']) {
456		require_once("classes/registration.php");
457		$registration = new Registration();
458		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
459		$page = "views/core/newUser.php";
460		} else {
461		$err = errorMessage(5, $lang); $page = "views/templates/error.php";
462		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'newUser'", 3);
463		}
464
465		} elseif ($currentPage == 'logs' && $settings['logging']) {
466		if ($_SESSION['permissions']['view']['logs']) {
467		if ($query) {
468		$search = $url['path'][$settings['base'] + 1];
469		}
470		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
471		$page = "views/core/logs.php";
472		} else {
473		$err = errorMessage(5, $lang); $page = "views/templates/error.php";
474		logAction($_SESSION['user_name'], $lang['failedAccess'] . " 'noPerm'", 3);
475		}
476		}
477		}
478		}
479
480		if ($currentPage == 'curplayers') {
481		if ($_SESSION['permissions']['view']['curplayer']) {
482		if ($query) {
483		$sid = $url['path'][$settings['base'] + 1];
484		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
485		$page = "views/core/curPlayers.php";
486		} else {
487		$err = errorMessage(8, $lang);
488		$page = "views/templates/error.php";
489		}
490		}
491		} elseif ($currentPage == 'servers') {
492		if ($_SESSION['permissions']['super_admin']) {
493		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
494		$page = "views/core/servers.php";
495		}
496	View Code Duplication	} elseif ($currentPage == 'editserver') {
497		if ($_SESSION['permissions']['super_admin']) {
498		if ($query) {
499		$id = $url['path'][$settings['base'] + 1];
500		logAction($_SESSION['user_name'], $lang['visited'] . " '" . $currentPage . "'", 2);
501		$page = "views/core/editServer.php";
502		} else {$err = errorMessage(8, $lang); $page = "views/templates/error.php"; }
503		} else {$err = errorMessage(5, $lang); $page = "views/templates/error.php"; }
504		}
505	View Code Duplication	foreach ($settings['plugins'] as &$plugin) {
506		if (file_exists("plugins/" . $plugin . "/pageRules.php")) {
507		include("plugins/" . $plugin . "/pageRules.php");
508		}
509		}
510
511		if ($currentPage == '2factor' && isset($_SESSION['user_email'])) {
512		$page = 'views/core/2factor.php';
513		} elseif ($currentPage == 'donate') {
514		$page = 'views/core/donate.php';
515		}
516
517		if ($currentPage == 'profile') {
518		if (isset($_SESSION['user_email'])) {
519		$page = "views/core/profile.php";
520		}
521		}
522
523		if ($currentPage == 'register') {
524		if ($settings['register']) {
525		require_once("classes/GuestReg.php");
526		$GuestReg = new GuestReg();
527		$page = "views/core/register.php";
528		}
529		}
530		if ($settings['2factor']) {
531		if ($_SESSION['2factor'] == 0) {
532		if ($settings['force2factor'] == 'steam') {
533		if (!$_SESSION['steamsignon']) $_SESSION['2factor'] == 5;
534		} elseif ($settings['force2factor'] == 'all') $_SESSION['2factor'] == 5;
535		$page = 'views/core/2factor.php';
536		} elseif ($_SESSION['2factor'] == 1 \|\| $_SESSION['2factor'] == 3) {
537		if (isset($_POST['code'])) {
538		$sql = "SELECT `twoFactor` FROM `users` WHERE `user_id` = '" . $_SESSION['user_id'] . "';";
539		$user = $db_connection->query($sql)->fetch_object();
540		if ($gauth->verifyCode($user->twoFactor, $_POST['code'])) $_SESSION['2factor'] = 2;
541		else {
542		$sql = "SELECT `backup` FROM `users` WHERE `user_id` = '" . $_SESSION['user_id'] . "';";
543		$user = $db_connection->query($sql)->fetch_object();
544		if ($user->backup == $_POST['code']) {
545		$_SESSION['2factor'] = 2;
546		} else {
547		$_SESSION['2factor'] = 3;
548		$page = 'views/core/2factor.php';
549		}
550		}
551		} else $page = 'views/core/2factor.php';
552		}
553		}
554
555		if ($debug) {
556		if ($currentPage == 'debug') {
557		$page = "views/debug/debug.php";
558		} elseif ($currentPage == 'phpinfo') {
559		$page = "views/debug/phpinfo.php";
560		} elseif ($currentPage == 'debuglogs') {
561		$page = "views/debug/logs.php";
562		} elseif ($currentPage == 'phplogs') {
563		$page = "views/debug/phplogs.php";
564		}
565		}
566		include("views/templates/template.php");
567		} else {
568		include("views/core/login.php");
569		}
570		} else {
571		$err = errorMessage(2, $lang);
572		}
573		} else {
574		include ('views/firstTime.php');
575		}
576

Cyberbyte-Studios / CyberWorks

Issues (501)

Security Analysis not enabled

index.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like