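/**
 * Fetch licence/version data from the vendor host and cache it in `settings`.
 *
 * On a usable reply (a JSON object carrying `v`) the decoded fields are copied
 * into an array, stamped with the fetch time under `lt`, re-encoded as JSON and
 * written to the `resellerid`=0 settings row together with the version and the
 * two release-note fields.
 *
 * NOTE(review): the fifth argument to webhostRequest() is 80, which the other
 * call sites suggest is the port, i.e. a plain-HTTP fetch. Nothing here
 * authenticates the reply before it is persisted, so treat the stored licence,
 * version and release-note values as untrusted wherever they are rendered, and
 * confirm whether this endpoint can be fetched over TLS instead.
 * NOTE(review): $ui->server['HTTP_HOST'] normally reflects the request's Host
 * header; confirm that $ui validates it before it is forwarded here.
 *
 * @param bool $return When true the licence string is returned, otherwise false.
 * @return string|false The re-encoded licence JSON on success; when the reply was
 *                      not usable, whatever cleanFsockOpenRequest() produced;
 *                      false whenever $return is not true.
 */
function licenceRequest($return = false)
{
    global $sql, $ui;

    $licencecode = webhostRequest('l.easy-wi.com', $ui->server['HTTP_HOST'], '/licence.php', null, 80);
    $licencecode = cleanFsockOpenRequest($licencecode, '{', '}');

    // Only hand strings to json_decode() instead of muting its warnings with "@".
    $json = is_string($licencecode) ? json_decode($licencecode) : null;

    if (is_object($json) and isset($json->v)) {

        $licenceData = array();

        foreach ($json as $k => $v) {
            $licenceData[$k] = $v;
        }

        // Remember when the licence data was last fetched.
        $licenceData['lt'] = time();
        $licencecode = json_encode($licenceData);

        // The reply is remote input: `de`/`en` may be absent, so do not read them blindly.
        $releaseNotesDE = isset($json->de) ? $json->de : null;
        $releaseNotesEN = isset($json->en) ? $json->en : null;

        $query2 = $sql->prepare("UPDATE `settings` SET `licence`=?,`version`=?,`releasenotesDE`=?,`releasenotesEN`=? WHERE `resellerid`=0 LIMIT 1");
        $query2->execute(array($licencecode, $json->v, $releaseNotesDE, $releaseNotesEN));
    }

    return $return == true ? $licencecode : false;
}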
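/**
 * Look up the latest Minecraft server version and build its download URL.
 *
 * The version id comes from a remote JSON document and ends up in a URL that
 * callers may store or fetch later, so it is validated before use: it must be a
 * non-empty string, and it is percent-encoded when placed into the path so a
 * crafted id cannot add path segments or a query string to the download URL.
 * Ordinary ids made of letters, digits, dots and dashes are left unchanged.
 *
 * NOTE(review): no port is passed to webhostRequest(), so the transport depends
 * on its default; confirm the version list is fetched over TLS.
 *
 * @param string $release Key below `latest` in the version list, e.g. 'release'.
 * @return array Array with keys 'version' and 'downloadPath'; both are empty
 *               strings when no usable version could be determined.
 */
function getMinecraftVersion($release = 'release')
{
    $emptyResult = array('version' => '', 'downloadPath' => '');

    if (!is_string($release) or $release === '') {
        return $emptyResult;
    }

    $responseBody = webhostRequest('s3.amazonaws.com', 'https://easy-wi.com', '/Minecraft.Download/versions/versions.json');
    $cleaned = cleanFsockOpenRequest($responseBody, '{', '}');

    // Only hand strings to json_decode() instead of muting its warnings with "@".
    $json = is_string($cleaned) ? json_decode($cleaned) : null;

    if (!is_object($json) or !isset($json->latest->{$release})) {
        return $emptyResult;
    }

    $version = $json->latest->{$release};

    if (!is_string($version) or $version === '') {
        return $emptyResult;
    }

    $pathSegment = rawurlencode($version);

    return array(
        'version' => $version,
        'downloadPath' => 'https://s3.amazonaws.com/Minecraft.Download/versions/' . $pathSegment . '/minecraft_server.' . $pathSegment . '.jar',
    );
}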
} } } $query2 = $sql->prepare("SELECT * FROM `feeds_url` WHERE `resellerID`=?"); $query2->execute(array($lookUpID)); while ($row2 = $query2->fetch(PDO::FETCH_ASSOC)) { unset($gZipped); if ($feedsActive == 'Y' and $row2['active'] == 'Y' and ($diff > $row['updateMinutes'] or !isset($jobUpdating))) { $modified = date('D, d M Y H:i:s T', strtotime($row2['modified'])); $twitter = $row2['twitter']; $feedID = $row2['feedID']; if ($twitter == 'Y') { if (isset($printToConsole)) { print "Getting Updates for Twitter Feed {$row2['loginName']}\r\n"; } $json = webhostRequest('api.twitter.com', 'easy-wi.com', '/1/statuses/user_timeline.json?include_rts=false&exclude_replies=true&screen_name=' . $row2['loginName'] . '&count=' . $newsAmount, 443); $json = cleanFsockOpenRequest($json, '[', ']'); foreach (json_decode($json) as $tweet) { if (isset($tweet->text)) { $feedTitle = substr($tweet->text, 0, 50) . '...'; $description = $tweet->text; $link = 'https://twitter.com/' . $tweet->user->screen_name . '/status/' . $tweet->id_str; $pubDate = date('Y-m-d H:i:s', strtotime($tweet->created_at)); $content = ''; $author = $tweet->user->name; $creator = $tweet->user->name; $feedsArray[$feedID][] = array('title' => $feedTitle, 'description' => $description, 'link' => $link, 'pubDate' => $pubDate, 'content' => $content, 'author' => $author, 'creator' => $creator); } } } else { if (isset($printToConsole)) {
if (is_array($reply)) { echo 'Version for ' . $row['shorten'] . ' is: ' . $reply['version'] . "\r\n"; if (strlen($reply['version']) > 1) { $query2->execute(array($reply['version'], $reply['downloadPath'], $row['shorten'])); } } } echo "Fetch version for valves appIDs\r\n"; $steamVersion = array(); $query2 = $sql->prepare("UPDATE `servertypes` SET `steamVersion`=? WHERE `appID`=?"); $query = $sql->prepare("SELECT t.`appID`,t.`shorten` FROM `servertypes` t INNER JOIN `rservermasterg` r ON t.`id`=r.`servertypeid` WHERE t.`appID` IS NOT NULL AND t.`steamgame`!='N' GROUP BY t.`appID` ORDER BY t.`appID`"); $query->execute(); while ($row = $query->fetch(PDO::FETCH_ASSOC)) { if (!in_array($row['appID'], array(null, '', false))) { $lookUpAppID = workAroundForValveChaos($row['appID'], $row['shorten']); $json = webhostRequest('api.steampowered.com', 'easy-wi.com', '/ISteamApps/UpToDateCheck/v0001/?appid=' . $lookUpAppID . '&version=0.0.0.0&format=json'); $decoded = @json_decode($json); if ($decoded and !isset($decoded->response->error) and isset($decoded->response->required_version)) { $query2->execute(array($decoded->response->required_version, $row['appID'])); echo 'Version for appID ' . $row['appID'] . ' is: ' . $decoded->response->required_version . "\r\n"; } else { if (isset($decoded->response->error)) { echo 'Error for appID ' . $row['appID'] . ' is: ' . $decoded->response->error . "\r\n"; } else { echo 'Error for appID ' . $row['appID'] . ' is: Could not retrieve JSON string' . "\r\n"; } } } } $webhostdomain = webhostdomain(0); $query = $sql->prepare("SELECT `timezone`,`voice_autobackup`,`voice_autobackup_intervall`,`voice_maxbackup`,`down_checks`,`resellerid` FROM `settings`");
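/**
 * Collect reasons why the current comment post, or a given URL, looks like spam.
 *
 * Without an argument the current request is checked: known spammer IP/host,
 * forward-confirmed reverse DNS, the hidden form field, the per-text form token,
 * links, blocked words, language detection and DNS blocklists. With $checkURL
 * only the addresses the URL's host resolves to are checked, against the local
 * spam records and the DNS blocklists. Each later check runs only while no
 * reason has been found yet.
 *
 * The reason labels ('XSS: Hidden field', 'XSS: Token', ...) are kept verbatim
 * because callers may store or match them; the first is the hidden-field trap,
 * the second the form token check.
 *
 * @param string|null $checkURL URL to check; null or '' checks the current post.
 * @return array List of reason strings; empty when nothing was found.
 */
function checkForSpam($checkURL = null)
{
    global $ui, $blockLinks, $languageFilter, $page_data, $user_language, $textID, $blockWords, $honeyPotKey, $tornevall, $sql;

    $spamReason = array();
    $ips = array();

    // Loose comparison kept on purpose: null and '' both select the comment checks.
    $isCommentCheck = ($checkURL == null);
    $remoteIp4 = $ui->ip4('REMOTE_ADDR', 'server');
    $hostByIp = '';

    // Check if IP exists at DB as a spammer
    if ($isCommentCheck) {

        if ($remoteIp4) {
            $hostByIp = gethostbyaddr($remoteIp4);
        }

        $query = $sql->prepare("SELECT COUNT(`commentID`) AS `amount` FROM `page_comments` WHERE `markedSpam`='Y' AND (`ip`=? OR `dns`=?) AND `resellerid`=0 LIMIT 1");
        $query->execute(array($ui->ip('REMOTE_ADDR', 'server'), $hostByIp));

        if ($query->fetchColumn() > 0) {
            $spamReason[] = 'IP or Host already known for spam';
        }

    } else {

        // Resolve the host only. The previous code stripped just the scheme, so a
        // URL with a path was handed to the resolver as "host/path" and failed.
        $host = parse_url((string) $checkURL, PHP_URL_HOST);

        if (!is_string($host) or $host === '') {
            $host = str_replace(array('https://', 'http://', 'ftps://', 'ftp://'), '', $checkURL);
        }

        // gethostbynamel() returns false when the name does not resolve.
        $resolved = gethostbynamel($host);

        if (is_array($resolved)) {
            $ips = $resolved;
        }

        $query = $sql->prepare("SELECT COUNT(`commentID`) AS `amount` FROM `page_comments` WHERE `markedSpam`='Y' AND `ip`=? AND `resellerid`=0 LIMIT 1");

        foreach ($ips as $ip) {

            $query->execute(array($ip));

            if ($query->fetchColumn() > 0 and !in_array('IP or Host already known for spam', $spamReason)) {
                $spamReason[] = 'IP or Host already known for spam';
            }
        }
    }

    // reverse DNS does not add up: the PTR name must resolve back to the client address.
    // The previous code passed an array to gethostbynamel(), so this check never
    // compared real forward records.
    if ($isCommentCheck and count($spamReason) == 0 and $remoteIp4) {

        $forwardIps = (is_string($hostByIp) and $hostByIp !== '') ? gethostbynamel($hostByIp) : false;

        if (!is_array($forwardIps) or !in_array($remoteIp4, $forwardIps)) {
            $spamReason[] = 'Fake IP';
        }
    }

    // hidden fields have been filled
    if ($isCommentCheck and count($spamReason) == 0 and strlen((string) $ui->escaped('mail', 'post')) > 0) {
        $spamReason[] = 'XSS: Hidden field';
    }

    // CSRF token does not add up
    if ($isCommentCheck and count($spamReason) == 0) {

        $sessionToken = (isset($_SESSION['news'][$textID]) and is_scalar($_SESSION['news'][$textID])) ? (string) $_SESSION['news'][$textID] : '';
        $postedToken = $ui->escaped('token', 'post');
        $postedToken = is_scalar($postedToken) ? (string) $postedToken : '';

        // Compare as strings. A loose "!=" treats numeric-looking tokens such as
        // "0e1234" and "0e5678" as equal. Use the constant-time comparison where
        // the runtime provides it; an empty session token never validates.
        if (function_exists('hash_equals')) {
            $tokenMatches = hash_equals($sessionToken, $postedToken);
        } else {
            $tokenMatches = ($sessionToken === $postedToken);
        }

        if ($sessionToken === '' or !$tokenMatches) {
            $spamReason[] = 'XSS: Token';
        }
    }

    // Links not allowed in comments
    if ($isCommentCheck and count($spamReason) == 0 and $blockLinks == 'Y') {

        $comment = (string) $ui->escaped('comment', 'post');

        foreach (array('http://', 'https://', 'ftp://', 'ftps://') as $scheme) {

            // URL schemes are case-insensitive, so "HTTP://" has to match as well.
            if (stripos($comment, $scheme) !== false) {
                $spamReason[] = 'URL Spam';
                break;
            }
        }
    }

    // Post contains blacklisted words (case-sensitive substring match, as configured)
    if ($isCommentCheck and count($spamReason) == 0) {

        $comment = (string) $ui->escaped('comment', 'post');

        foreach (explode(', ', (string) $blockWords) as $word) {

            $word = trim($word);

            if ($word !== '' and strpos($comment, $word) !== false) {
                $spamReason[] = 'Word Blacklist';
                break;
            }
        }
    }

    // use google translation REST API for language detection. If the current page contains a different language we likely have a spammer
    // NOTE(review): this sends the first 200 bytes of the visitor's comment to a third party.
    if ($isCommentCheck and count($spamReason) == 0 and $languageFilter == 'Y') {

        $raw = webhostRequest('translate.google.com', $page_data->pageurl, '/translate_a/t?client=x&text=' . urlencode(htmlentities(substr($ui->escaped('comment', 'post'), 0, 200))));
        $json = json_decode($raw);

        if ($json and isset($json->src) and $json->src != $user_language) {
            $spamReason[] = 'Language';
        }
    }

    // check if the remote address (IP) is known for spamming at the DNS blocklists
    $useHttpBl = ($honeyPotKey != null and $honeyPotKey != '');

    if (count($spamReason) == 0 and (!$isCommentCheck or $remoteIp4) and ($useHttpBl or $tornevall == 'Y')) {

        // For a comment post look up the client address; for a URL keep the
        // addresses resolved above. The previous condition was inverted, which
        // replaced the URL's addresses with the client address and queried the
        // blocklists with a reversed host name for comment posts.
        if ($isCommentCheck) {
            $ips = array($remoteIp4);
        }

        foreach ($ips as $ip) {

            $ipRevers = implode('.', array_reverse(explode('.', $ip)));

            if (count($spamReason) == 0 and $tornevall == 'Y' and (bool) checkdnsrr($ipRevers . '.opm.tornevall.org.', 'A')) {
                $spamReason[] = 'IP is listed at dnsbl.tornevall.org';
            }

            if (count($spamReason) == 0 and $useHttpBl) {

                $lookupName = $honeyPotKey . '.' . $ipRevers . '.dnsbl.httpbl.org';

                // gethostbyname() returns the queried name unchanged when nothing is listed.
                $answer = gethostbyname($lookupName);
                $ex = explode('.', (string) $answer);

                if ($answer !== $lookupName and count($ex) == 4 and $ex[0] == 127) {

                    $types = array(1 => 'Suspicious', 2 => 'Harvester', 3 => 'Suspicious & Harvester', 4 => 'Comment Spammer', 5 => 'Suspicious & Comment Spammer', 6 => 'Harvester & Comment Spammer', 7 => 'Suspicious & Harvester & Comment Spammer');

                    if ($ex[3] != 0) {

                        // A DNS answer is remote input: tolerate type values missing from the table.
                        $typeLabel = isset($types[$ex[3]]) ? $types[$ex[3]] : 'visitor of unknown type ' . $ex[3];

                        $spamReason[] = 'IP seems to be a ' . $typeLabel . '. It was last seen ' . $ex[1] . ' day(s) ago and has a threat score of ' . $ex[2];
                    }
                }
            }
        }
    }

    return $spamReason;
}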
error_reporting(E_ALL | E_STRICT); define('EASYWIDIR', dirname(dirname(__FILE__))); require_once EASYWIDIR . '/stuff/methods/functions.php'; require_once EASYWIDIR . '/stuff/methods/vorlage.php'; $currentStep = (isset($_GET['step']) and $_GET['step'] > 0 and $_GET['step'] < 10) ? (int) $_GET['step'] : 0; $progressPercent = 100 / 9 * $currentStep; $acceptLanguage = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2)); $fallbackLanguage = file_exists(EASYWIDIR . '/install/' . $acceptLanguage . '.xml') ? $acceptLanguage : 'en'; $menuLanguage = (isset($_GET['language']) and strlen($_GET['language']) == 2 and file_exists(EASYWIDIR . '/install/' . $_GET['language'] . '.xml')) ? $_GET['language'] : $fallbackLanguage; $languageGetParameter = '&language=' . $menuLanguage; $languageObject = simplexml_load_file(EASYWIDIR . '/install/' . $menuLanguage . '.xml'); $displayToUser = ''; $systemCheckOk = array(); $systemCheckError = array(); if ($currentStep == 0) { $licencecode = webhostRequest('l.easy-wi.com', $_SERVER['HTTP_HOST'], '/version.php', null, 80); $licencecode = cleanFsockOpenRequest($licencecode, '{', '}'); $json = @json_decode($licencecode); if (!$json or '5.10' == $json->v) { $displayToUser = "******"; } else { $displayToUser = "******"; } } else { if (version_compare(PHP_VERSION, '5.3.0') >= 0) { $systemCheckOk['php'] = $languageObject->system_ok_php_version . PHP_VERSION; } else { $systemCheckError['php'] = $languageObject->error_system_php_version . PHP_VERSION; } if (extension_loaded('openssl')) { $systemCheckOk['openssl'] = $languageObject->system_ok_openssl;
} // Substitutes unset($left); $start = 0; // Prepare queries only once to avoid overhead $query2 = $sql->prepare("SELECT `sID` FROM `userdata_substitutes` WHERE `sourceSystemID`=? AND `externalID`=? AND `resellerID`=? LIMIT 1"); $query4 = $sql->prepare("SELECT `id` FROM `userdata` WHERE `sourceSystemID`=? AND `externalID`=? AND `resellerID`=? LIMIT 1"); $query3 = $sql->prepare("UPDATE `userdata_substitutes` SET `loginName`=?,`name`=?,`vname`=? WHERE `sID`=? LIMIT 1"); $query5 = $sql->prepare("INSERT INTO `userdata_substitutes` (`userID`,`loginName`,`name`,`vname`,`passwordHashed`,`sourceSystemID`,`externalID`,`resellerID`) VALUES (?,?,?,?,?,?,?,?)"); $query6 = $sql->prepare("SELECT `id` FROM `gsswitch` WHERE `sourceSystemID`=? AND `externalID`=? AND `userid`=? AND `resellerid`=? LIMIT 1"); $query7 = $sql->prepare("INSERT INTO `userdata_substitutes_servers` (`sID`,`oType`,`oID`,`resellerID`) VALUE (?,'gs',?,?) ON DUPLICATE KEY UPDATE `resellerID`=`resellerID`"); $query8 = $sql->prepare("SELECT `id` FROM `voice_server` WHERE `sourceSystemID`=? AND `externalID`=? AND `userid`=? AND `resellerid`=? LIMIT 1"); $query9 = $sql->prepare("INSERT INTO `userdata_substitutes_servers` (`sID`,`oType`,`oID`,`resellerID`) VALUE (?,'vo',?,?) ON DUPLICATE KEY UPDATE `resellerID`=`resellerID`"); while (!isset($left) or $left > 0) { $getRequest = '/' . $row['file'] . '?passwordToken=' . urlencode($row['token']) . '&list=substitutes&start=' . urlencode($start) . '&chunkSize=' . urlencode($row['chunkSize']) . '&lastID=' . urlencode($row['lastID']) . '&updateTime=' . urlencode($row['lastCheck']); $rawResponse = webhostRequest($row['domain'], 'https://easy-wi.com', $getRequest, null, $port); $response = cleanFsockOpenRequest($rawResponse, '{', '}'); $decoded = json_decode($response); unset($response); if ($decoded and isset($decoded->error)) { $left = 0; if (is_array($decoded->error)) { printText('Error: ' . implode(', ', $decoded->error)); } else { printText('Error: ' . 
$decoded->error); } } else { if ($decoded and isset($decoded->total)) { if (isset($left)) { $left -= $row['chunkSize']; } else {
$fileAuth = $row['file']; $xml = new DOMDocument('1.0', 'utf-8'); $element = $xml->createElement('user'); $key = $xml->createElement('username', $username); $element->appendChild($key); $key = $xml->createElement('pwd', $password); $element->appendChild($key); $key = $xml->createElement('mail', $mail); $element->appendChild($key); $key = $xml->createElement('externalID', $externalID); $element->appendChild($key); $xml->appendChild($element); $postXML = urlencode(base64_encode($xml->saveXML())); } if (isset($activeAuth) and $activeAuth == 'Y') { $reply = webhostRequest($domainAuth, $ui->escaped('HTTP_HOST', 'server'), $fileAuth, array('authPWD' => $pwdAuth, 'userAuth' => $userAuth, 'postXML' => $postXML), $portAuth); $xmlReply = @simplexml_load_string($reply); if ($xmlReply and isset($xmlReply->success) and $xmlReply->success == 1 and $xmlReply->user == $username) { $passwordCorrect = true; $newHash = passwordCreate($username, $password); if (is_array($newHash)) { $query = $sql->prepare("UPDATE `userdata` SET `security`=?,`salt`=? WHERE `id`=? LIMIT 1"); $query->execute(array($newHash['hash'], $newHash['salt'], $id)); } else { $query = $sql->prepare("UPDATE `userdata` SET `security`=? WHERE `id`=? LIMIT 1"); $query->execute(array($newHash, $id)); } } else { if ($xmlReply and strlen($xmlReply->error) > 0) { $externalAuthError = $xmlReply->error; } else {
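/**
 * Send the queued restart/stop requests to each dedicated server's API.
 *
 * For every queued entry the API URL is split into host and path. A request of
 * type 'G' appends the request string to the path; any other type turns the
 * request string into POST parameters.
 *
 * NOTE(review): when `https` is not 'Y' the request goes to port 80. If the
 * request string carries API credentials they travel in clear text; confirm.
 * NOTE(review): ports other than :8080, :80 and :443 are not stripped from the
 * API URL and would remain part of the host string.
 *
 * @return bool Always true; the replies of the API calls are not evaluated.
 */
public function startStop()
{
    foreach ($this->startStop as $a) {

        $server = $this->ID['dedicated'][$a['id']];
        $postParams = array();
        $file = '';

        $requestString = $a['action'] == 're' ? $server['apiRequestRestart'] : $server['apiRequestStop'];

        $apiPath = str_replace(array('http://', 'https://', ':8080', ':80', ':443'), '', $server['apiURL']);
        $segments = preg_split("/\\//", $apiPath, -1, PREG_SPLIT_NO_EMPTY);

        // Without a host there is nothing to call.
        if (!is_array($segments) or !isset($segments[0])) {
            continue;
        }

        // Keep the host in its own variable. The previous code reused $ex for the
        // parameter split below, so POST requests were sent to the name of the
        // last parameter instead of the API host.
        $host = $segments[0];
        $segmentCount = count($segments);

        for ($i = 1; $i < $segmentCount; $i++) {
            $file .= '/' . $segments[$i];
        }

        $file .= '/';

        if ($server['apiRequestType'] == 'G') {

            $file .= $requestString;

        } else {

            // NOTE(review): replacing '&' with '&' is a no-op as written; the search
            // string was presumably an HTML-encoded ampersand. Confirm against the
            // repository copy of this file.
            foreach (explode('&', str_replace(array('&', '?'), array('&', ''), $requestString)) as $param) {

                // Limit of 2 so values that contain '=' (e.g. base64 tokens) stay intact.
                $pair = explode('=', $param, 2);

                if (isset($pair[1])) {
                    $postParams[$pair[0]] = $pair[1];
                }
            }
        }

        webhostRequest($host, 'easy-wi.com', $file, $postParams, $server['https'] == 'Y' ? 443 : 80);
    }

    return true;
}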