Exemple #1
    sendBack('You didn\'t change anything, so Echelon has done nothing');
}
## Query Section ##
// NOTE(review): the re-authentication call below is commented out, so nothing visible in
// this section re-checks the user's current password before the e-mail, display name or
// password is changed - confirm that check is performed elsewhere.
//$mem->reAuthUser($cur_pw, $dbl); // check user current password is correct
if ($is_change_display_email) {
    // if the display or email have been altered edit them if not skip this section
    // update display name and email
    $results = $dbl->editMe($display, $email, $mem->id);
    if (!$results) {
        // if false (if nothing happened)
        sendBack('There was an error updating your email and display name');
    } else {
        // it has been changed, so the session vars and $mem are updated to match
        $_SESSION['email'] = $email;
        $_SESSION['name'] = $display;
        $mem->setName($display);
        $mem->setEmail($email);
    }
}
## if a change pw request ##
if ($is_change_pw) {
    $result = $mem->genAndSetNewPW($pass1, $mem->id, $min_pw_len);
    // function to generate and set a new password
    if (is_string($result)) {
        // result is either true (success) or an error message (string)
        sendBack($result);
    }
}
## return good ##
// reached after both optional sections; presumably sendBack() halts the request on the
// error paths above so this message is only sent on success - TODO confirm
sendGood('Your user information has been successfully updated');
Exemple #2
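if ($db_test->connect_error) {
    // Send back with a failed connection message. The driver's error text may repeat
    // values supplied in the form (host, user name), so it is HTML-escaped before being
    // embedded in the markup handed to sendBack().
    sendBack('<strong>Database Connection Error</strong>
				<p>The connection information you supplied is incorrect.<br />' . htmlspecialchars($db_test->connect_error, ENT_QUOTES) . '</p>');
}
## Update DB ##
if ($is_add) {
    // add game queries
    // NOTE(review): only the edit branch below calls reAuthUser(); confirm that adding a
    // game (which stores database credentials) is meant to skip re-authentication.
    $result = $dbl->addGame($name, $game_type, $name_short, $db_host, $db_user, $db_pw, $db_name);
    if (!$result) {
        // the insert did not succeed
        sendBack('There is a problem, the game information was not saved.');
    }
    $dbl->addGameCount();
    // Add one to the game counter in config table
} else {
    // edit game queries
    // re-check the user's password before changing stored connection settings; the
    // return value is not inspected here, so presumably reAuthUser() halts on failure - TODO confirm
    $mem->reAuthUser($password, $dbl);
    $result = $dbl->setGameSettings($game, $name, $name_short, $db_user, $db_host, $db_name, $db_pw, $change_db_pw, $enabled);
    // update the settings in the DB
    if (!$result) {
        sendBack('Something did not update. Did you edit anything?');
    }
}
## Return with result message
if ($is_add) {
    set_good('Game Added');
    send('../settings-games.php');
} else {
    sendGood('Your settings have been updated');
}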
Exemple #3
            $rcon_port = $config['game']['servers'][$i]['rcon_port'];
            $c_ip = trim($c_ip);
            // PB_SV_BanGuid [guid] [player_name] [IP_Address] [reason]
            $command = "pb_sv_banguid " . $pbid . " " . $c_name . " " . $c_ip . " " . $reason;
            rcon($rcon_ip, $rcon_port, $rcon_pass, $command);
            // send the ban command
            sleep(1);
            // sleep for 1 sec in ordere to the give server some time
            $command_upd = "pb_sv_updbanfile";
            // we need to update the ban files
            rcon($rcon_ip, $rcon_port, $rcon_pass, $command_upd);
            // send the ban file update command
        }
        $i++;
    }
}
// end if a $is_pb_ban == true
// Log the ban and report the outcome; $result is set before this point (not visible here).
if ($result) {
    // set comment for the ban, and log it
    if ($type == 'Ban') {
        $comment = 'permanent ban, for "' . $reason . '"';
    } else {
        // maps the duration unit code in $time to the word used in the log comment;
        // a $time value outside this map raises an undefined-index notice
        $dur_name = array('m' => 'minute', 'h' => 'hour', 'd' => 'day', 'w' => 'week', 'mn' => 'month', 'y' => 'year');
        // NOTE(review): inside single quotes, \\" is a literal backslash followed by a
        // quote, so this branch logs \"reason\" while the permanent-ban branch logs
        // "reason" - confirm which form the log viewer expects.
        $comment = $duration_form . ' ' . $dur_name[$time] . ' temp ban, for \\"' . $reason . '\\"';
    }
    // the return value of addEchLog() replaces $result but is not checked before sendGood()
    $result = $dbl->addEchLog('Ban', $comment, $client_id, $mem->id, $game);
    sendGood('Ban added to banlist and to the DB');
} else {
    sendBack('Something went wrong the ban was not added');
}
exit;
Exemple #4
<?php

// Permission name for this page (presumably read by inc.php - TODO confirm). It reuses
// 'add_user' so that anyone who can add registration keys can also remove them.
$auth_name = 'add_user';
require '../inc.php';
if ($_POST['t'] == 'del') {
    // if this is a deletion request
    $key = cleanvar($_POST['key']);
    if (verifyFormToken('keydel' . $key, $tokens) == false) {
        // verify token
        ifTokenBad('Reg Key Delete');
    }
    // if bad token, log and send error
    $result = $dbl->delKey($key);
    if ($result) {
        sendGood('Registration key deleted');
    } else {
        sendBack('There was an problem completeing your request');
    }
    exit;
    // no need continuing with this script
} elseif ($_POST['comment']) {
    // if this is an edit comment request
    // NOTE(review): unlike the delete branch above, no verifyFormToken() call is visible
    // before this write - confirm the comment-edit request is protected against CSRF.
    $key = cleanvar($_POST['key']);
    $comment = cleanvar($_POST['comment']);
    // a comment is required for this request
    emptyInput($comment, 'comment');
    $result = $dbl->editKeyComment($key, $comment, $mem->id);
    // this is an ajax request, so we need to echo error/success messages
    if ($result) {
        echo 'yes';
    } else {
Exemple #5
        sendBack('That IP address is not valid');
    }
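    // Form fields this endpoint accepts; any other POST key is treated as tampering.
    $whitelist = array('token', 'reason', 'ip');
    // Check every submitted field name against the allowlist
    foreach ($_POST as $key => $item) {
        // Strict comparison: PHP turns numeric field names into integer keys, and before
        // PHP 8 a loose in_array() treats 0 as equal to any non-numeric string, which
        // would let a field named "0" pass this allowlist.
        if (!in_array($key, $whitelist, true)) {
            hack(1);
            // plus 1 to hack counter
            writeLog('Add BL - Unknown form fields provided');
            // make note of event
            sendBack('Unknown Information sent.');
            exit;
        }
    }
    // end foreach
    ## Query Section ##
    $result = $dbl->blacklist($ip, $reason, $mem->id);
    if (!$result) {
        // if false
        sendBack('That IP was not added to the blacklist');
    }
    // if got this far we are doing well so lets send back a good message
    sendGood('The IP has been added to the banlist');
    exit;
    // no need to continue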
} else {
    // if this page was not posted and a user indirectly ends up on this page then sent to SA page with error
    set_error('Please do not load that page without submitting the ban IP address form');
    send('../sa.php');
}
Exemple #6
    sendBack('There was a problem adding the key into the database');
}
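// Send the registration key by e-mail when mail is enabled, otherwise remind the admin
// to pass the key on by hand. Runs after the key has been added to the DB.
if (USE_MAIL) {
    ## email user about the key ##
    $body = '<html><body>';
    $body .= '<h2>Echelon User Key</h2>';
    $body .= $config['cosmos']['email_header'];
    // The key and address are percent-encoded so that characters such as "+", "&" or
    // quotes cannot alter the query string or break out of the href attribute.
    // NOTE(review): the link is plain http and its host comes from SERVER_NAME, which
    // depending on server configuration may reflect the request's Host header; a
    // configured base URL would be safer - confirm.
    $body .= 'This is the key you will need to use to register on Echelon. 
				<a href="http://' . $_SERVER['SERVER_NAME'] . PATH . 'register.php?key=' . rawurlencode($user_key) . '&amp;email=' . rawurlencode($email) . '">Register here</a>.<br />';
    $body .= 'Registration Key: ' . $user_key;
    $body .= $config['cosmos']['email_footer'];
    $body .= '</body></html>';
    // Fill in the template placeholders. str_replace() is used because the replacement
    // text is literal; with preg_replace() a "$1" or "\1" in the configured name would
    // be read as a backreference.
    $body = str_replace('%ech_name%', $config['cosmos']['name'], $body);
    $body = str_replace('%name%', 'new user', $body);
    // HTTP_HOST is taken from the request, so anything outside hostname characters
    // (notably CR/LF) is dropped before it is placed in a mail header.
    $headers = "From: echelon@" . preg_replace('/[^A-Za-z0-9.:\[\]-]/', '', $_SERVER['HTTP_HOST']) . "\r\n";
    $headers .= "Reply-To: " . EMAIL . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $subject = "Echelon User Registration";
    // send email
    // NOTE(review): $email is used as the recipient as-is; presumably it was validated
    // as a single address before this point - confirm.
    if (!mail($email, $subject, $body, $headers)) {
        sendBack('There was a problem sending the email.');
    }
    sendGood('Key Setup and Email has been sent to user');
}
// remind the admin to hand over the key, since the user did not receive an email
sendGood('Don\'t forget to give the user their registration key, since it was not mailed');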
Exemple #7
    ## check that the sent form token is correct
    if (verifyFormToken('greeting', $tokens) == false) {
        // verify token
        // NOTE(review): the label passed here is 'Add comment' although this is the
        // greeting form - looks copied from the comment page; confirm.
        ifTokenBad('Add comment');
    }
    $greeting = cleanvar($_POST['greeting']);
    $client_id = cleanvar($_POST['cid']);
    // NOTE: an empty greeting is allowed (it means no greeting); only the client id is required
    emptyInput($client_id, 'data not sent');
    if (!isID($client_id)) {
        sendBack('Invalid data sent, greeting not changed');
    }
    ## Add Log Message ##
    // the log entry is written before the update below is attempted
    $comment = 'Greeting message changed';
    $dbl->addEchLog('Greeting', $comment, $client_id, $mem->id);
    ## Query ##
    // both values are bound as parameters (string greeting, integer id), not concatenated
    $query = "UPDATE clients SET greeting = ? WHERE id = ? LIMIT 1";
    $stmt = $db->mysql->prepare($query) or sendBack('Database Error');
    $stmt->bind_param('si', $greeting, $client_id);
    // the return value of execute() is not checked; the outcome is read from affected_rows
    $stmt->execute();
    if ($stmt->affected_rows) {
        sendGood('Greeting has been updated');
    } else {
        sendBack('Greeting was not updated');
    }
    // only reached if sendGood()/sendBack() return to the caller
    $stmt->close();
    // close connection
} else {
    set_error('Please do not call that page directly, thank you.');
    send('../../index.php');
}
Exemple #8
            $rcon_ip = $config['game']['servers'][$i]['rcon_ip'];
            $rcon_port = $config['game']['servers'][$i]['rcon_port'];
            // PB_SV_BanGuid [guid] [player_name] [IP_Address] [reason]
            $command = "pb_sv_unbanguid " . $pbid;
            rcon($rcon_ip, $rcon_port, $rcon_pass, $command);
            // send the ban command
            sleep(1);
            // sleep for 1 sec in ordere to the give server some time
            $command_upd = "pb_sv_updbanfile";
            // we need to update the ban files
            rcon($rcon_ip, $rcon_port, $rcon_pass, $command_upd);
            // send the ban file update command
        }
        $i++;
    }
}
// set comment for the edit ban action
if ($duration == 0) {
    // a duration of 0 is logged as a permanent ban
    $comment = 'Changed ban #' . $ban_id . ' to a permanent ban';
} else {
    // maps the duration unit code in $time to the word used in the log comment
    $dur_name = array('m' => 'minute', 'h' => 'hour', 'd' => 'day', 'w' => 'week', 'mn' => 'month', 'y' => 'year');
    $comment = 'Changed ban #' . $ban_id . ' to a ' . $duration_form . ' ' . $dur_name[$time] . ' temp ban';
}
## Query ##
$result = $dbl->addEchLog('Edit Ban', $comment, $cid, $mem->id, $game);
// NOTE(review): the log call above assigns $result, but the check below reads $results.
// Either $results was set by an earlier query outside this excerpt, or this is a typo and
// the success message does not reflect the logging outcome - confirm.
if ($results) {
    sendGood('Ban edited');
} else {
    sendBack('NO!');
}
exit;
Exemple #9
## For a permanent ban, tell each PunkBuster-enabled server to lift the GUID ban ##
if ($type == 'Ban') {
    ## Get the PBID of the client ##
    $pbid = $db->getPBIDfromPID($pen_id);
    ## Walk the servers of this game (numbered from 1); skip those without PB active
    for ($i = 1; $i <= $game_num_srvs; $i++) {
        if ($config['game']['servers'][$i]['pb_active'] != '1') {
            continue;
        }
        // rcon connection details for this server, read from the config array
        $rcon_ip = $config['game']['servers'][$i]['rcon_ip'];
        $rcon_port = $config['game']['servers'][$i]['rcon_port'];
        $rcon_pass = $config['game']['servers'][$i]['rcon_pass'];
        // unban command for this client's GUID
        $command = "pb_sv_unbanguid " . $pbid;
        rcon($rcon_ip, $rcon_port, $rcon_pass, $command);
        // give the server a second before the follow-up command
        sleep(1);
        // then have the server update its ban file
        $command_upd = "pb_sv_updbanfile";
        rcon($rcon_ip, $rcon_port, $rcon_pass, $command_upd);
    }
}
// $results is set before this excerpt; when it is falsy the script exits without a message
if ($results) {
    sendGood('Penalty has been deactivated');
}
exit;
Exemple #10
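// Handler for the "add comment" form: checks the request, then stores the comment in the
// Echelon log for the given client.
$auth_name = 'comment';
$b3_conn = true;
// this page needs to connect to the B3 database
require '../../inc.php';
if (!isset($_POST['comment-sub'])) {
    // the form was NOT submitted: the page was requested directly
    // NOTE(review): nothing follows send() here, so this relies on send() ending the
    // request; otherwise execution would continue into the code below - confirm.
    set_error('Please do not call that page directly');
    send('../../');
}
## check that the sent form token is correct
if (verifyFormToken('comment', $tokens) == false) {
    // verify token
    ifTokenBad('Add comment');
}
// Gets vars from form
$cid = cleanvar($_POST['cid']);
$comment = cleanvar($_POST['comment']);
// Check for empties
emptyInput($comment, 'comment');
emptyInput($cid, 'client id not sent');
## Check sent client_id is a number ##
if (!isID($cid)) {
    // message corrected: this page adds a comment, not a ban
    sendBack('Invalid data sent, comment not added');
}
## Query ##
$result = $dbl->addEchLog('Comment', $comment, $cid, $mem->id, $game);
if ($result) {
    sendGood('Comment added');
} else {
    sendBack('There is a problem, your comment was not added to the database');
}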
Exemple #11
            // if is AJAX request
            echo $data;
        } else {
            sendBack('');
        }
        // sendBack with no error
    }
}
// Auto-refresh request: echo whatever the plugin returns for the requested chat table.
if (isset($_GET['auto'])) {
    // NOTE(review): 'table-num' and 'last-id' are passed straight from the query string
    // without an isset() or type check in the visible code, and the return value is
    // echoed as-is - confirm getLastChats() validates both and escapes its output.
    echo $plugin->getLastChats($_GET['table-num'], $_GET['last-id']);
}
// Settings update: change the list of chat tables and their display names.
if (isset($_POST['tables'])) {
    if ($mem->reqLevel('chats_edit_tables')) {
        // extra perms needed to edit settings
        // NOTE(review): no form-token check is visible on this write, and both values
        // reach editSettings() without cleanvar() - confirm CSRF protection and that
        // editSettings() validates the table names.
        $tables = $_POST['tables'];
        $names = $_POST['table-names'];
        emptyInput($tables, 'tables');
        emptyInput($names, 'names');
        // both fields are comma-separated lists and must have the same number of entries
        $num_tables = count(explode(',', $tables));
        $num_names = count(explode(',', $names));
        if ($num_tables != $num_names) {
            sendBack('You need to have the same number of tables listed as you do names');
        }
        $results = $plugin->editSettings($tables, $names);
        if (!$results) {
            sendBack('There was a problem. Maybe the table names you gave us are incorrect.');
        } else {
            sendGood('The chatlog settings have been updated');
        }
    }
}
Exemple #12
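## check that the sent form token is correct
if (verifyFormToken('xlrstats', $tokens) == false) {
    // verify token
    ifTokenBad('XLRstats Edit');
}
// Gets vars from form
$cid = cleanvar($_POST['cid']);
$name = cleanvar($_POST['fixed-name']);
$hide = cleanvar($_POST['hidden']);
// the checkbox value 'on' becomes 1, anything else 0
if ($hide == 'on') {
    $hide = 1;
} else {
    $hide = 0;
}
// NOTE: when the user supplies an empty fixed name, the db will be updated with a blank/NULL field, in effect disabling the feature
## Check sent client_id is a number ##
if (!isID($cid)) {
    // message corrected: this page edits XLRstats data, not bans
    sendBack('Invalid data sent, XLRstats information not changed');
}
## LOG Query ##
// the log entry is written before the update below is attempted
$results = $dbl->addEchLog('XLRstats', 'XLRstats information changed', $cid, $mem->id);
## Update XLRstats table ##
// all three values are bound as parameters (int, string, int), not concatenated
$query = "UPDATE xlr_playerstats SET hide = ?, fixed_name = ? WHERE client_id = ? LIMIT 1";
$stmt = $db->mysql->prepare($query) or die('DB Error');
$stmt->bind_param('isi', $hide, $name, $cid);
$stmt->execute();
// zero affected rows (including a save with no changes) is reported as a failure
if ($stmt->affected_rows > 0) {
    sendGood('XLRstats information edited');
} else {
    sendBack('There is a problem, changes were not saved');
}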
Exemple #13
}
## Add Echelon Log ##
// "Mask" or "User": the prefix shared by the log comment and the result messages
$msg_st = $is_mask ? 'Mask' : 'User';
$level_name = $b3_groups_name[$level];
$old_level_name = $b3_groups_name[$old_level];
$comment = $msg_st . ' level changed from ' . $old_level_name . ' to ' . $level_name;
// the log entry is written before the update below is attempted
$dbl->addEchLog('Level Change', $comment, $client_id, $mem->id);
## Query Section ##
// one of two fixed statements is chosen; the level and client id are bound as integers
$query = $is_mask
    ? "UPDATE clients SET mask_level = ? WHERE id = ? LIMIT 1"
    : "UPDATE clients SET group_bits = ? WHERE id = ? LIMIT 1";
$stmt = $db->mysql->prepare($query) or sendBack('Database Error');
$stmt->bind_param('ii', $level, $client_id);
$stmt->execute();
// report the outcome based on whether a row was affected
if (!$stmt->affected_rows) {
    sendBack($msg_st . ' level was not changed');
} else {
    sendGood($msg_st . ' level has been changed');
}
$stmt->close();
// close connection
Exemple #14
// hash the random string to get the user hash
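## email user about the key ##
// Builds and sends the HTML registration e-mail, then stores the key in the DB.
$body = '<html><body>';
$body .= '<h2>Echelon User Key</h2>';
$body .= $config['cosmos']['email_header'];
// The key and address are percent-encoded so that characters such as "+", "&" or quotes
// cannot alter the query string or break out of the href attribute.
// NOTE(review): the link is plain http and its host comes from SERVER_NAME, which
// depending on server configuration may reflect the request's Host header; a configured
// base URL would be safer - confirm.
$body .= 'This is the key you will need to use to register on Echelon. 
			<a href="http://' . $_SERVER['SERVER_NAME'] . PATH . 'register.php?key=' . rawurlencode($user_key) . '&amp;email=' . rawurlencode($email) . '">Register here</a>.<br />';
$body .= 'Registration Key: ' . $user_key;
$body .= $config['cosmos']['email_footer'];
$body .= '</body></html>';
// Fill in the template placeholders. str_replace() is used because the replacement text
// is literal; with preg_replace() a "$1" or "\1" in the configured name would be read as
// a backreference.
$body = str_replace('%ech_name%', $config['cosmos']['name'], $body);
$body = str_replace('%name%', 'new user', $body);
// HTTP_HOST is taken from the request, so anything outside hostname characters (notably
// CR/LF) is dropped before it is placed in a mail header.
$headers = "From: echelon@" . preg_replace('/[^A-Za-z0-9.:\[\]-]/', '', $_SERVER['HTTP_HOST']) . "\r\n";
$headers .= "Reply-To: " . EMAIL . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$subject = "Echelon User Registration";
// send email
// NOTE(review): the mail goes out before the key is stored below, so if the insert fails
// the recipient holds a key that was never saved - consider storing the key first.
if (!mail($email, $subject, $body, $headers)) {
    sendBack('There was a problem sending the email.');
}
## run query to add key to the DB ##
$add_user = $dbl->addEchKey($user_key, $email, $comment, $group, $mem->id);
if (!$add_user) {
    sendBack('There was a problem adding the key into the database');
}
// all good send back good message
sendGood('Key Setup and Email has been sent to user');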
Exemple #15
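    # verify token #
    if (!verifyFormToken('perm-group-edit', $tokens)) {
        ifTokenBad('Edit Group Permissions');
    }
    // get the group to update from the URL
    $group_id = cleanvar($_GET['gid']);
    ## check numeric id ##
    // NOTE(review): is_numeric() also accepts values such as "1e3" or "1.5"; a digits-only
    // check would be stricter - confirm what setGroupPerms() expects.
    if (!is_numeric($group_id)) {
        sendBack('Invalid data sent, request aborted');
    }
    // permission names submitted with the form
    $data = getPostsPerms($_POST);
    // get a full list of all perms (without desc)
    $perms_list = $dbl->getPermissions(false);
    // Start from an empty string so the list cannot inherit an earlier $list value and
    // appending to it does not raise an undefined-variable notice.
    $list = '';
    foreach ($perms_list as $perm) {
        // keep only submitted names that match a known permission; collect their ids
        $perm_id = $perm['id'];
        $perm_name = $perm['name'];
        if (array_key_exists($perm_name, $data)) {
            $list .= $perm_id . ',';
        }
    }
    // remove the final comma; rtrim() leaves an empty selection as '' (substr() on an
    // empty string returns false before PHP 8)
    $perms_new = rtrim($list, ',');
    // update the DB
    $result = $dbl->setGroupPerms($group_id, $perms_new);
    if (!$result) {
        sendBack('There was an error updating the database with the new information');
    } else {
        sendGood('Everything has been updated and saved successfully');
    }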
}
Exemple #16
    } else {
        sendBack('There is a problem. The user has not been deleted');
    }
    exit;
} elseif ($_POST['ad-edit-user']) {
    // admin edit user
    ## get and clean vars ##
    $username = cleanvar($_POST['username']);
    $display = cleanvar($_POST['display']);
    $email = cleanvar($_POST['email']);
    $group = cleanvar($_POST['group']);
    $id = cleanvar($_POST['id']);
    ## check numeric id ##
    // NOTE(review): only $id is checked here; $group (the group the user is assigned to)
    // and $email reach editUser() without a visible format check - confirm they are
    // validated inside editUser() or cleanvar().
    if (!is_numeric($id)) {
        sendBack('Invalid data sent, request aborted');
    }
    # verify token #
    // the form token is verified before the database is changed
    if (!verifyFormToken('adedituser', $tokens)) {
        ifTokenBad('Edit Echelon User');
    }
    $result = $dbl->editUser($id, $username, $display, $email, $group);
    if ($result) {
        sendGood($display . "'s information has been updated");
    } else {
        sendBack('There is a problem. The user information has not been changed');
    }
    exit;
} else {
    set_error('You cannot view this page directly');
    send('sa.php');
}