function BlockPlayer($check, $sid, $num, $type, $length)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    // $type and $length are interpolated into the RCON command line below,
    // so all numeric request values are forced to integers up front.
    $sid    = (int) $sid;
    $type   = (int) $type;
    $length = (int) $length;

    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to process a playerblock, but doesnt have access.");
        return $objResponse;
    }

    //get the server data
    $sdata = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");

    //test if server is online
    if ($test = @fsockopen($sdata['ip'], $sdata['port'], $errno, $errstr, 2)) {
        @fclose($test);
        require_once INCLUDES_PATH . "/CServerRcon.php";

        $r = new CServerRcon($sdata['ip'], $sdata['port'], $sdata['rcon']);
        if (!$r->Auth()) {
            // stored RCON password was rejected: clear it so it is not retried
            $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "' LIMIT 1;");
            $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'>Wrong RCON Password, please change!</font>");
            $objResponse->addScript('set_counter(1);');
            return $objResponse;
        }
        $ret = $r->rconCommand("status");

        // show hostname instead of the ip, but leave the ip in the title
        require_once "../includes/system-functions.php";
        $hostsearch = preg_match_all('/hostname:[ ]*(.+)/', $ret, $hostname, PREG_PATTERN_ORDER);
        $hostname   = trunc(htmlspecialchars($hostname[1][0]), 25, false);
        if (!empty($hostname)) {
            $objResponse->addAssign("srvip_{$num}", "innerHTML", "<font size='1'><span title='" . $sdata['ip'] . ":" . $sdata['port'] . "'>" . $hostname . "</span></font>");
        }

        $gothim = false;
        $search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);

        //search for the steamid on the server
        foreach ($matches[3] as $match) {
            if (substr($match, 8) == substr($check, 8)) {
                // gotcha!!! kick him!
                $gothim = true;
                // $check comes straight from the request: bind it instead of concatenating it into the query
                $GLOBALS['db']->Execute(
                    "UPDATE `" . DB_PREFIX . "_comms` SET sid = ? WHERE authid = ? AND RemovedBy IS NULL;",
                    array($sid, $check)
                );
                $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "pages/admin.blockit.php"));
                $kick   = $r->sendCommand("sc_fw_block " . $type . " " . $length . " " . $match);
                $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Player Found & blocked!!!</u></b></font>");
                $objResponse->addScript("set_counter('-1');");
                return $objResponse;
            }
        }

        if (!$gothim) {
            $objResponse->addAssign("srv_{$num}", "innerHTML", "<font size='1'>Player not found.</font>");
            $objResponse->addScript('set_counter(1);');
            return $objResponse;
        }
    } else {
        $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'><i>Can't connect to server.</i></font>");
        $objResponse->addScript('set_counter(1);');
        return $objResponse;
    }
}

function PasteBlock($sid, $name)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    $sid = (int) $sid;

    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried paste a block, but doesn't have access.");
        return $objResponse;
    }

    require INCLUDES_PATH . '/CServerRcon.php';

    //get the server data
    $data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = ?;", array($sid));
    if (empty($data['rcon'])) {
        $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
        $objResponse->addScript("ShowBox('Error', 'No RCON password for server " . $data['ip'] . ":" . $data['port'] . "!', 'red', '', true);");
        return $objResponse;
    }

    $r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
    if (!$r->Auth()) {
        $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = ?;", array($sid));
        $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
        $objResponse->addScript("ShowBox('Error', 'Wrong RCON password for server " . $data['ip'] . ":" . $data['port'] . "!', 'red', '', true);");
        return $objResponse;
    }

    // look the player name up in the parsed "status" output
    $ret    = $r->rconCommand("status");
    $search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
    $i      = 0;
    $found  = false;
    $index  = -1;
    foreach ($matches[2] as $match) {
        if ($match == $name) {
            $found = true;
            $index = $i;
            break;
        }
        $i++;
    }

    if ($found) {
        $steam = $matches[3][$index];
        $name  = $matches[2][$index];
        $objResponse->addScript("\$('nickname').value = '" . addslashes($name) . "'");
        $objResponse->addScript("\$('steam').value = '" . $steam . "'");
    } else {
        $objResponse->addScript("ShowBox('Error', 'Can\\'t get player info for " . addslashes(htmlspecialchars($name)) . ". Player is not on the server (" . $data['ip'] . ":" . $data['port'] . ") anymore!', 'red', '', true);");
        $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
        return $objResponse;
    }

    $objResponse->addScript("SwapPane(0);");
    $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
    $objResponse->addScript("\$('dialog-placement').setStyle('display', 'none');");
    return $objResponse;
}

function ViewCommunityProfile($sid, $name)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    if (!$userbank->is_admin()) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Ошибка доступа", $username . " пытался посмотреть профиль '" . htmlspecialchars($name) . "', не имея на это прав.");
        return $objResponse;
    }

    $sid = (int) $sid;

    require INCLUDES_PATH . '/CServerRcon.php';

    //get the server data
    $data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
    if (empty($data['rcon'])) {
        $objResponse->addScript("ShowBox('Ошибка', 'Невозможно получить информацию о игроке " . addslashes(htmlspecialchars($name)) . ". Не задан РКОН пароль!', 'red', '', true);");
        return $objResponse;
    }

    $r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
    if (!$r->Auth()) {
        $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "';");
        $objResponse->addScript("ShowBox('Ошибка', 'Невозможно получить информацию о игроке " . addslashes(htmlspecialchars($name)) . ". Неверный РКОН пароль!', 'red', '', true);");
        return $objResponse;
    }

    // search for the playername
    $ret    = $r->rconCommand("status");
    $search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
    $i      = 0;
    $found  = false;
    $index  = -1;
    foreach ($matches[2] as $match) {
        if ($match == $name) {
            $found = true;
            $index = $i;
            break;
        }
        $i++;
    }

    if ($found) {
        $steam = $matches[3][$index];
        $objResponse->addScript(
            "\$('dialog-control').setStyle('display', 'block');\$('dialog-content-text').innerHTML = 'Генерируем ссылку на профиль игрока "
            . addslashes(htmlspecialchars($name))
            . ", пожалуйста подождите...<br /><font color=\"green\">Выполнено.</font><br /><br /><b>Смотреть профиль <a href=\"http://www.steamcommunity.com/profiles/"
            . SteamIDToFriendID($steam)
            . "/\" title=\"" . addslashes(htmlspecialchars($name))
            . "\\'s Profile\" target=\"_blank\">здесь</a>.</b>';"
        );
        $objResponse->addScript("window.open('http://www.steamcommunity.com/profiles/" . SteamIDToFriendID($steam) . "/', 'Community_" . $steam . "');");
    } else {
        $objResponse->addScript("ShowBox('Ошибка', 'Невозможно получить информацию о игроке " . addslashes(htmlspecialchars($name)) . ". Игрок ушёл с сервера!', 'red', '', true);");
    }
    return $objResponse;
}

function SendRconSilent($rcon, $sid)
{
    require_once INCLUDES_PATH . '/CServerRcon.php';

    // $sid is concatenated into both queries below, so cast it before first use
    $sid = (int) $sid;

    $serv = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
    if (empty($serv['rcon'])) {
        return false;
    }

    // test if server is online
    $test = @fsockopen($serv['ip'], $serv['port'], $errno, $errstr, 2);
    if (!$test) {
        return false;
    }
    @fclose($test); // the probe socket is not needed once the port answered

    $r = new CServerRcon($serv['ip'], $serv['port'], $serv['rcon']);
    if (!$r->Auth()) {
        $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "';");
        return false;
    }

    $ret = $r->rconCommand($rcon);
    if ($ret) {
        return true;
    }
    return false;
}

function ViewCommunityProfile($sid, $name)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    if (!$userbank->is_admin()) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to view profile of '" . htmlspecialchars($name) . "', but doesnt have access.");
        return $objResponse;
    }

    $sid = (int) $sid;

    require INCLUDES_PATH . '/CServerRcon.php';

    //get the server data
    $data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
    if (empty($data['rcon'])) {
        $objResponse->addScript("ShowBox('Error', 'Can\\'t get playerinfo for " . addslashes(htmlspecialchars($name)) . ". No RCON password!', 'red', '', true);");
        return $objResponse;
    }

    $r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
    if (!$r->Auth()) {
        $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "';");
        $objResponse->addScript("ShowBox('Error', 'Can\\'t get playerinfo for " . addslashes(htmlspecialchars($name)) . ". Wrong RCON password!', 'red', '', true);");
        return $objResponse;
    }

    // search for the playername
    $ret    = $r->rconCommand("status");
    $search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
    $i      = 0;
    $found  = false;
    $index  = -1;
    foreach ($matches[2] as $match) {
        if ($match == $name) {
            $found = true;
            $index = $i;
            break;
        }
        $i++;
    }

    if ($found) {
        $steam = $matches[3][$index];
        // Hack to support steam3 [U:1:X] representation.
        if (strpos($steam, "[U:") === 0) {
            $steam = renderSteam2(getAccountId($steam), 0);
        }
        $objResponse->addScript(
            "\$('dialog-control').setStyle('display', 'block');\$('dialog-content-text').innerHTML = 'Generating Community Profile link for "
            . addslashes(htmlspecialchars($name))
            . ", please wait...<br /><font color=\"green\">Done.</font><br /><br /><b>Watch the profile <a href=\"http://www.steamcommunity.com/profiles/"
            . SteamIDToFriendID($steam)
            . "/\" title=\"" . addslashes(htmlspecialchars($name))
            . "\\'s Profile\" target=\"_blank\">here</a>.</b>';"
        );
        $objResponse->addScript("window.open('http://www.steamcommunity.com/profiles/" . SteamIDToFriendID($steam) . "/', 'Community_" . $steam . "');");
    } else {
        $objResponse->addScript("ShowBox('Error', 'Can\\'t get playerinfo for " . addslashes(htmlspecialchars($name)) . ". Player not on the server anymore!', 'red', '', true);");
    }
    return $objResponse;
}

function KickPlayer($check, $sid, $num, $type)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    $sid = (int) $sid;

    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Ошибка доступа", $username . " пытался кого-то кикнуть, не имея на это прав.");
        return $objResponse;
    }

    //get the server data
    $sdata = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");

    //test if server is online
    if ($test = @fsockopen($sdata['ip'], $sdata['port'], $errno, $errstr, 2)) {
        @fclose($test);
        require_once INCLUDES_PATH . "/CServerRcon.php";

        $r = new CServerRcon($sdata['ip'], $sdata['port'], $sdata['rcon']);
        if (!$r->Auth()) {
            $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "' LIMIT 1;");
            $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'>Неверный РКОН!</font>");
            $objResponse->addScript('set_counter(1);');
            return $objResponse;
        }
        $ret = $r->rconCommand("status");

        // show hostname instead of the ip, but leave the ip in the title
        require_once "../includes/system-functions.php";
        $hostsearch = preg_match_all('/hostname:[ ]*(.+)/', $ret, $hostname, PREG_PATTERN_ORDER);
        $hostname   = trunc(htmlspecialchars($hostname[1][0]), 25, false);
        if (!empty($hostname)) {
            $objResponse->addAssign("srvip_{$num}", "innerHTML", "<font size='1'><span title='" . $sdata['ip'] . ":" . $sdata['port'] . "'>" . $hostname . "</span></font>");
        }

        $gothim = false;
        $search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);

        // HTTP_HOST and REQUEST_URI come from the request and end up inside the quoted
        // kick reason, so drop anything that could close the quote or start a new command.
        $host   = preg_replace('/[^A-Za-z0-9.:\[\]-]/', '', $_SERVER['HTTP_HOST']);
        $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "pages/admin.kickit.php"));
        $requri = preg_replace('/[";\x00-\x1f]/', '', $requri);

        //search for the steamid on the server
        if ((int) $type == 0) {
            foreach ($matches[3] as $match) {
                if (substr($match, 8) == substr($check, 8)) {
                    // gotcha!!! kick him!
                    $gothim = true;
                    // $check comes straight from the request: bind it instead of concatenating it
                    $GLOBALS['db']->Execute(
                        "UPDATE `" . DB_PREFIX . "_bans` SET sid = ? WHERE authid = ? AND RemovedBy IS NULL;",
                        array($sid, $check)
                    );
                    $kick = $r->sendCommand("kickid " . $match . " \"Вы были забанены, посетите http://" . $host . $requri . " для большей информации.\"");
                    $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Игрок найден и кикнут!!!</u></b></font>");
                    $objResponse->addScript("set_counter('-1');");
                    return $objResponse;
                }
            }
        } else {
            if ((int) $type == 1) {
                // search for the ip on the server
                $id = 0;
                foreach ($matches[8] as $match) {
                    $ip = explode(":", $match);
                    $ip = $ip[0];
                    if ($ip == $check) {
                        $userid = $matches[1][$id];
                        // gotcha!!! kick him!
                        $gothim = true;
                        $GLOBALS['db']->Execute(
                            "UPDATE `" . DB_PREFIX . "_bans` SET sid = ? WHERE ip = ? AND RemovedBy IS NULL;",
                            array($sid, $check)
                        );
                        $kick = $r->sendCommand("kickid " . $userid . " \"Вы были забанены, посетите http://" . $host . $requri . " для большей информации.\"");
                        $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Игрок найден и кикнут!!!</u></b></font>");
                        $objResponse->addScript("set_counter('-1');");
                        return $objResponse;
                    }
                    $id++;
                }
            }
        }

        if (!$gothim) {
            $objResponse->addAssign("srv_{$num}", "innerHTML", "<font size='1'>Игрок не найден.</font>");
            $objResponse->addScript('set_counter(1);');
            return $objResponse;
        }
    } else {
        $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'><i>Нет соединения с сервером.</i></font>");
        $objResponse->addScript('set_counter(1);');
        return $objResponse;
    }
}