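$servers = array();
global $userbank;

/**
 * Generate the anti-CSRF key that state-changing ban-list links must carry
 * and store it in $_SESSION['banlist_postkey'].
 *
 * The key is 16 bytes from the system CSPRNG, hex-encoded (32 characters, the
 * same length as the md5() value used before). The earlier recipe hashed
 * time() and rand(), both guessable, and its $_SERVER['REMOTE_IP'] branch
 * tested a key that is not a standard server variable (the client address
 * is REMOTE_ADDR), so that branch never contributed anything.
 * random_bytes() requires PHP 7.0+.
 *
 * @return void
 */
function setPostKey()
{
    $_SESSION['banlist_postkey'] = bin2hex(random_bytes(16));
}

// Issue a key once per session; a missing or implausibly short value is replaced.
if (!isset($_SESSION['banlist_postkey']) || strlen($_SESSION['banlist_postkey']) < 4) {
    setPostKey();
}

$page = 1;
$pagelink = "";

PruneBans();

// Only a positive integer page number is accepted; it is normalised with
// intval() before being appended to links, so no raw request text reaches
// $pagelink. Testing the converted value keeps "0.5" or an array from
// producing page 0 or 1 by accident.
if (isset($_GET['page']) && is_scalar($_GET['page']) && intval($_GET['page']) > 0) {
    $page = intval($_GET['page']);
    $pagelink = "&page=" . $page;
}

// Turn off block_nested_loop for this session when the reported database
// version is >= 5.6.0 and < 10.0.0.
if (version_compare($GLOBALS['db_version'], "5.6.0") >= 0 && version_compare($GLOBALS['db_version'], "10.0.0") < 0) {
    $GLOBALS['db']->Execute("set session optimizer_switch='block_nested_loop=off';");
}

if (isset($_GET['a']) && $_GET['a'] == "unban" && isset($_GET['id'])) {
    // The key must be present, be a string, and match the session value.
    // hash_equals() compares in constant time and, unlike `!=`, never applies
    // loose type juggling to the two values.
    // NOTE(review): this state change is driven by a GET request, so the key
    // travels in the URL (history, Referer, access logs) - confirm that is acceptable.
    $suppliedKey = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
    if (!hash_equals((string) $_SESSION['banlist_postkey'], $suppliedKey)) {
        die("Possible hacking attempt (URL Key mismatch)");
    }
    //we have a multiple unban asking
    if (isset($_GET['bulk'])) {
        $bids = explode(",", $_GET['id']);
    } else { // NOTE(review): the listing is cut off here; the single-id branch is not shown.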
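/**
 * xajax handler that validates a ban request and records the ban.
 *
 * The caller must hold ADMIN_OWNER or ADMIN_ADD_BAN; otherwise the response
 * redirects to the login page and the attempt is written to the system log.
 *
 * @param string     $nickname Player name stored with the ban (passed through RemoveCode()).
 * @param int|string $type     0 = ban by Steam ID, 1 = ban by IP; any other value is rejected.
 * @param string     $steam    Steam ID, or a numeric Community ID that is converted with FriendIDToSteamID().
 * @param string     $ip       IP address; reduced to digits and dots before it is used.
 * @param int|string $length   Ban length in minutes (multiplied by 60 for the `ends` timestamp); empty stores 0.
 * @param string     $dfile    Stored demo file name; only recorded when it is purely alphanumeric.
 * @param string     $dname    Original demo file name (passed through RemoveCode()).
 * @param string     $reason   Ban reason (passed through RemoveCode()).
 * @param int|string $fromsub  Id of the submission this ban was created from, or a falsy value.
 *
 * @return xajaxResponse Response carrying the UI updates for the ban form.
 */
function AddBan($nickname, $type, $steam, $ip, $length, $dfile, $dname, $reason, $fromsub)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to add a ban, but doesnt have access.");
        return $objResponse;
    }

    // Normalise the ban type once. The validation below used loose `$type == 0`
    // while the later checks used `(int) $type == 0`; a non-numeric value could
    // make the two disagree and let an unvalidated identifier through.
    $type = (int) $type;
    if ($type !== 0 && $type !== 1) {
        $objResponse->addScript("ShowBox('Error', 'Unknown ban type.', 'red', '');");
        return $objResponse;
    }

    $steam = trim($steam);
    $error = 0;

    // The checks form one chain: the first failing rule reports its message,
    // and only a fully valid form clears both message fields.
    if (empty($steam) && $type === 0) {
        // If they didnt type a steamid
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "You must type a Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } elseif (
        ($type === 0 && !is_numeric($steam) && !validate_steam($steam))
        // A numeric value is taken as a Community ID: it is converted in place
        // and the converted Steam ID is what gets validated and stored.
        || (is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam))))
    ) {
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "Please enter a valid Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } elseif (empty($ip) && $type === 1) {
        $error++;
        $objResponse->addAssign("ip.msg", "innerHTML", "You must type an IP");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
    } elseif ($type === 1 && !validate_ip($ip)) {
        $error++;
        $objResponse->addAssign("ip.msg", "innerHTML", "You must type a valid IP");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
    } else {
        $objResponse->addAssign("steam.msg", "innerHTML", "");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
        $objResponse->addAssign("ip.msg", "innerHTML", "");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'none');");
    }

    if ($error > 0) {
        return $objResponse;
    }

    $nickname = RemoveCode($nickname);
    $ip = preg_replace('#[^\\d\\.]#', '', $ip); //strip ip of all but numbers and dots
    $dname = RemoveCode($dname);
    $reason = RemoveCode($reason);

    // Length arrives in minutes and is stored in seconds. A missing or
    // non-numeric value stores 0 instead of reaching the multiplication.
    $len = is_numeric($length) ? $length * 60 : 0;

    // prune any old bans
    PruneBans();

    if ($type === 0) {
        // Check if the new steamid is already banned
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '0'", array($steam));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Error', 'SteamID: {$steam} is already banned.', 'red', '');");
            return $objResponse;
        }

        // Check if player is immune
        $admchk = $userbank->GetAllAdmins();
        foreach ($admchk as $admin) {
            if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
                // The admin name is stored data and ends up inside a script
                // string, so it is emitted as an encoded JS literal rather than
                // concatenated between quotes.
                // NOTE(review): if ShowBox() renders the message as HTML the
                // name also needs HTML-escaping - confirm against ShowBox().
                $immuneMsg = json_encode(
                    'SteamID: Admin ' . $admin['user'] . " ({$steam}) is immune.",
                    JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
                );
                if ($immuneMsg === false) {
                    // Name could not be encoded (e.g. invalid UTF-8): report without it.
                    $immuneMsg = json_encode("SteamID: Admin ({$steam}) is immune.");
                }
                $objResponse->addScript("ShowBox('Error', " . $immuneMsg . ", 'red', '');");
                return $objResponse;
            }
        }
    }

    if ($type === 1) {
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE ip = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '1'", array($ip));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Error', 'IP: {$ip} is already banned.', 'red', '');");
            return $objResponse;
        }
    }

    $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
    $GLOBALS['db']->Execute($pre, array($type, $ip, $steam, $nickname, $len, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    $subid = $GLOBALS['db']->Insert_ID();

    // Demo file names are limited to alphanumerics so the stored name cannot
    // carry path separators; \A...\z also refuses a trailing newline, which
    // `$` would have let through.
    if ($dname && $dfile && preg_match('/\A[a-z0-9]+\z/i', $dfile)) {
        $GLOBALS['db']->Execute("INSERT INTO " . DB_PREFIX . "_demos(demid,demtype,filename,origname)\r\n\t\t\t\t\t\t VALUES(?,'B', ?, ?)", array((int) $subid, $dfile, $dname));
    }

    if ($fromsub) {
        $submail = $GLOBALS['db']->Execute("SELECT name, email FROM " . DB_PREFIX . "_submissions WHERE subid = ?", array((int) $fromsub));

        // Send an email when ban is accepted
        $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], ".php") + 4);
        // HTTP_HOST is taken from the request, so it is reduced to host[:port]
        // characters before it is placed in a mail header; that keeps CR/LF and
        // other header syntax out of the From line.
        // NOTE(review): the link in the message is still built from the request
        // host; a configured site URL would be safer if one is available.
        $host = preg_replace('/[^A-Za-z0-9.\-:\[\]]/', '', (string) $_SERVER['HTTP_HOST']);
        $headers = 'From: submission@' . $host . "\n" . 'X-Mailer: PHP/' . phpversion();
        $message = "Hello,\n";
        $message .= "Your ban submission was accepted by our admins.\nThank you for your support!\nClick the link below to view the current ban list.\n\nhttp://" . $host . $requri . "?p=banlist";

        // Only mail when the submission row actually exists and has an address.
        if ($submail && !empty($submail->fields['email'])) {
            mail($submail->fields['email'], "[SourceBans] Ban Added", $message, $headers);
        }

        $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '2', archivedby = ? WHERE subid = ?", array($userbank->GetAid(), (int) $fromsub));
    }

    // Every submission filed against this Steam ID is archived as handled.
    $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '3', archivedby = ? WHERE SteamId = ?;", array($userbank->GetAid(), $steam));

    $kickit = isset($GLOBALS['config']['config.enablekickit']) && $GLOBALS['config']['config.enablekickit'] == "1";
    if ($kickit) {
        // $steam has passed validate_steam() and $ip holds only digits and dots here.
        $objResponse->addScript("ShowKickBox('" . ($type === 0 ? $steam : $ip) . "', '" . $type . "');");
    } else {
        $objResponse->addScript("ShowBox('Ban Added', 'The ban has been successfully added', 'green', 'index.php?p=admin&c=bans');");
    }
    $objResponse->addScript("TabToReload();");

    $log = new CSystemLog("m", "Ban Added", "Ban against (" . ($type === 0 ? $steam : $ip) . ") has been added, reason: {$reason}, length: {$length}", true, $kickit);

    return $objResponse;
}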
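/**
 * xajax handler that validates a ban request and records the ban
 * (variant with Russian user-facing messages).
 *
 * The caller must hold ADMIN_OWNER or ADMIN_ADD_BAN; otherwise the response
 * redirects to the login page and the attempt is written to the system log.
 *
 * @param string     $nickname Player name stored with the ban (passed through RemoveCode()).
 * @param int|string $type     0 = ban by Steam ID, 1 = ban by IP; any other value is rejected.
 * @param string     $steam    Steam ID, or a numeric Community ID that is converted with FriendIDToSteamID().
 * @param string     $ip       IP address; reduced to digits and dots before it is used.
 * @param int|string $length   Ban length in minutes (multiplied by 60 for the `ends` timestamp); empty stores 0.
 * @param string     $dfile    Stored demo file name; only recorded when it is purely alphanumeric.
 * @param string     $dname    Original demo file name (passed through RemoveCode()).
 * @param string     $reason   Ban reason (passed through RemoveCode()).
 * @param int|string $fromsub  Id of the submission this ban was created from, or a falsy value.
 *
 * @return xajaxResponse Response carrying the UI updates for the ban form.
 */
function AddBan($nickname, $type, $steam, $ip, $length, $dfile, $dname, $reason, $fromsub)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Ошибка доступа", $username . " пытался добавить бан, не имея на то прав.");
        return $objResponse;
    }

    // Normalise the ban type once. The validation below used loose `$type == 0`
    // while the later checks used `(int) $type == 0`; a non-numeric value could
    // make the two disagree and let an unvalidated identifier through.
    $type = (int) $type;
    if ($type !== 0 && $type !== 1) {
        $objResponse->addScript("ShowBox('Ошибка', 'Неизвестный тип бана.', 'red', '');");
        return $objResponse;
    }

    $steam = trim($steam);
    $error = 0;

    // The checks form one chain: the first failing rule reports its message,
    // and only a fully valid form clears both message fields.
    if (empty($steam) && $type === 0) {
        // If they didnt type a steamid
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "Введите Steam ID или Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } elseif (
        ($type === 0 && !is_numeric($steam) && !validate_steam($steam))
        // A numeric value is taken as a Community ID: it is converted in place
        // and the converted Steam ID is what gets validated and stored.
        || (is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam))))
    ) {
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "Введите действительный Steam ID или Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } elseif (empty($ip) && $type === 1) {
        $error++;
        $objResponse->addAssign("ip.msg", "innerHTML", "Введите IP");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
    } elseif ($type === 1 && !validate_ip($ip)) {
        $error++;
        $objResponse->addAssign("ip.msg", "innerHTML", "Введите действительный IP");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
    } else {
        $objResponse->addAssign("steam.msg", "innerHTML", "");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
        $objResponse->addAssign("ip.msg", "innerHTML", "");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'none');");
    }

    if ($error > 0) {
        return $objResponse;
    }

    $nickname = RemoveCode($nickname);
    $ip = preg_replace('#[^\\d\\.]#', '', $ip); //strip ip of all but numbers and dots
    $dname = RemoveCode($dname);
    $reason = RemoveCode($reason);

    // Length arrives in minutes and is stored in seconds. A missing or
    // non-numeric value stores 0 instead of reaching the multiplication.
    $len = is_numeric($length) ? $length * 60 : 0;

    // prune any old bans
    PruneBans();

    if ($type === 0) {
        // Check if the new steamid is already banned
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '0'", array($steam));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Ошибка', 'SteamID: {$steam} уже забанен.', 'red', '');");
            return $objResponse;
        }

        // Check if player is immune
        $admchk = $userbank->GetAllAdmins();
        foreach ($admchk as $admin) {
            if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
                // The admin name is stored data and ends up inside a script
                // string, so it is emitted as an encoded JS literal rather than
                // concatenated between quotes.
                // NOTE(review): if ShowBox() renders the message as HTML the
                // name also needs HTML-escaping - confirm against ShowBox().
                $immuneMsg = json_encode(
                    'SteamID админа ' . $admin['user'] . " ({$steam}) под иммунитетом.",
                    JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
                );
                if ($immuneMsg === false) {
                    // Name could not be encoded (e.g. invalid UTF-8): report without it.
                    $immuneMsg = json_encode("SteamID админа ({$steam}) под иммунитетом.");
                }
                $objResponse->addScript("ShowBox('Ошибка', " . $immuneMsg . ", 'red', '');");
                return $objResponse;
            }
        }
    }

    if ($type === 1) {
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE ip = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '1'", array($ip));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Ошибка', 'Этот IP ({$ip}) уже забанен.', 'red', '');");
            return $objResponse;
        }
    }

    $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
    $GLOBALS['db']->Execute($pre, array($type, $ip, $steam, $nickname, $len, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    $subid = $GLOBALS['db']->Insert_ID();

    // The demo file name was stored without any check. It is now limited to
    // alphanumerics so the stored name cannot carry path separators; \A...\z
    // also refuses a trailing newline.
    if ($dname && $dfile && preg_match('/\A[a-z0-9]+\z/i', $dfile)) {
        $GLOBALS['db']->Execute("INSERT INTO " . DB_PREFIX . "_demos(demid,demtype,filename,origname)\r\n\t\t\t\t\t\t VALUES(?,'B', ?, ?)", array((int) $subid, $dfile, $dname));
    }

    if ($fromsub) {
        $submail = $GLOBALS['db']->Execute("SELECT name, email FROM " . DB_PREFIX . "_submissions WHERE subid = ?", array((int) $fromsub));

        // Send an email when ban is accepted
        $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], ".php") + 4);
        // HTTP_HOST is taken from the request, so it is reduced to host[:port]
        // characters before it is placed in a mail header; that keeps CR/LF and
        // other header syntax out of the From line.
        // NOTE(review): the link in the message is still built from the request
        // host; a configured site URL would be safer if one is available.
        $host = preg_replace('/[^A-Za-z0-9.\-:\[\]]/', '', (string) $_SERVER['HTTP_HOST']);
        $headers = 'From: submission@' . $host . "\n" . 'X-Mailer: PHP/' . phpversion();
        $message = "Привет,\n";
        $message .= "Ваша заявка на бан подтверждена админом.\nПерейдите по ссылке, чтобы посмотреть банлист.\n\nhttp://" . $host . $requri . "?p=banlist";

        // Only mail when the submission row actually exists and has an address.
        if ($submail && !empty($submail->fields['email'])) {
            mail($submail->fields['email'], "[SourceBans] Бан добавлен", $message, $headers);
        }

        $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '2', archivedby = ? WHERE subid = ?", array($userbank->GetAid(), (int) $fromsub));
    }

    // Every submission filed against this Steam ID is archived as handled.
    $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '3', archivedby = ? WHERE SteamId = ?;", array($userbank->GetAid(), $steam));

    $kickit = isset($GLOBALS['config']['config.enablekickit']) && $GLOBALS['config']['config.enablekickit'] == "1";
    if ($kickit) {
        // $steam has passed validate_steam() and $ip holds only digits and dots here.
        $objResponse->addScript("ShowKickBox('" . ($type === 0 ? $steam : $ip) . "', '" . $type . "');");
    } else {
        $objResponse->addScript("ShowBox('Бан добавлен', 'Бан успешно добавлен', 'green', 'index.php?p=admin&c=bans');");
    }
    $objResponse->addScript("TabToReload();");

    // The audit entry previously printed the reason a second time under the
    // length label; the length field now carries $length.
    $log = new CSystemLog("m", "Бан добавлен", "Бан против (" . ($type === 0 ? $steam : $ip) . ") был добавлен, причина: {$reason}, срок: {$length}", true, $kickit);

    return $objResponse;
}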