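/**
 * xajax handler: records a communication block for a Steam account in the
 * `_comms` table.
 *
 * Type 1 and type 2 are stored as one row each; type 3 stores one row of each.
 * The caller must hold ADMIN_OWNER or ADMIN_ADD_BAN; a denied call is logged
 * and redirected to the login page.
 *
 * @param string     $nickname Player name stored with the block (passed through RemoveCode()).
 * @param int|string $type     Block type: 1, 2, or 3 (both). Any other value is rejected.
 * @param string     $steam    Steam ID, or a numeric community ID that is converted first.
 * @param int|string $length   Block length in minutes; 0 is treated as never expiring
 *                             by the active-block query below.
 * @param string     $reason   Reason stored with the block (passed through RemoveCode()).
 *
 * @return xajaxResponse
 */
function AddBlock($nickname, $type, $steam, $length, $reason)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    // Authorisation comes first: nothing below may run for a caller without the flag.
    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to add a block, but doesnt have access.");
        return $objResponse;
    }

    $steam = trim($steam);

    // If they didnt type a steamid
    if (empty($steam)) {
        $objResponse->addAssign("steam.msg", "innerHTML", "You must type a Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
        return $objResponse;
    }

    if (is_numeric($steam)) {
        // Numeric input is a community ID: it must be at least 15 characters long and
        // convert to a Steam ID that validates. $steam holds the converted value afterwards.
        $steamOk = false;
        if (strlen($steam) >= 15) {
            $steam = FriendIDToSteamID($steam);
            $steamOk = (bool) validate_steam($steam);
        }
    } else {
        $steamOk = (bool) validate_steam($steam);
    }

    if (!$steamOk) {
        $objResponse->addAssign("steam.msg", "innerHTML", "Please enter a valid Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
        return $objResponse;
    }
    $objResponse->addAssign("steam.msg", "innerHTML", "");
    $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");

    // Reject unknown types up front. Previously an unknown type left the WHERE clause
    // ending in a dangling "AND", inserted nothing, and still logged "Block Added".
    $type = (int) $type;
    $typeClauses = array(
        1 => "type = 1",
        2 => "type = 2",
        3 => "(type = 1 OR type = 2)",
    );
    if (!isset($typeClauses[$type])) {
        $objResponse->addScript("ShowBox('Error', 'Invalid block type.', 'red', '');");
        return $objResponse;
    }
    $typeW = $typeClauses[$type];

    $nickname = RemoveCode($nickname);
    $reason   = RemoveCode($reason);

    // Force the length to an integer before it is multiplied, stored and written to the log.
    $length = (int) $length;
    $len    = $length * 60;

    // prune any old bans
    PruneComms();

    // Check if the new steamid is already banned. $typeW comes only from the fixed
    // table above; the Steam ID is bound as a parameter.
    $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_comms WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND " . $typeW, array($steam));
    if (intval($chk[0]) > 0) {
        $objResponse->addScript("ShowBox('Error', 'SteamID: {$steam} is already blocked.', 'red', '');");
        return $objResponse;
    }

    // Check if player is immune
    $admchk = $userbank->GetAllAdmins();
    foreach ($admchk as $admin) {
        if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
            // The admin name lands inside a single-quoted JavaScript string that is rendered
            // as HTML, so it is escaped for both contexts.
            $objResponse->addScript("ShowBox('Error', 'SteamID: Admin " . htmlspecialchars(addslashes($admin['user'])) . " ({$steam}) is immune.', 'red', '');");
            return $objResponse;
        }
    }

    // Type 3 means "both": one row of type 1 and one row of type 2.
    $rowTypes = ($type === 3) ? array(1, 2) : array($type);
    foreach ($rowTypes as $rowType) {
        $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_comms(created,type,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t (UNIX_TIMESTAMP()," . $rowType . ",?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
        $GLOBALS['db']->Execute($pre, array($steam, $nickname, $len, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    }

    $objResponse->addScript("ShowBlockBox('" . $steam . "', '" . $type . "', '" . $len . "');");
    $objResponse->addScript("TabToReload();");

    // $kickit was never assigned in this function, so the call always received null;
    // define it explicitly. NOTE(review): confirm what CSystemLog expects as its fifth argument.
    $kickit = null;
    $log = new CSystemLog("m", "Block Added", "Block against (" . $steam . ") has been added, reason: {$reason}, length: {$length}", true, $kickit);
    return $objResponse;
}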
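/**
 * xajax handler: bans every profile linked from the friends page of a Steam
 * community profile.
 *
 * Does nothing unless `config.enablefriendsbanning` is on and $friendid is a
 * decimal community ID. The caller must hold ADMIN_OWNER or ADMIN_ADD_BAN; a
 * denied call is logged and redirected to the login page. Each friend who is
 * not already in the active ban list gets a row in `_bans` with length 0.
 *
 * @param string $friendid Community ID of the profile whose friends are banned.
 * @param string $name     Display name of that profile, used in the ban reason, dialog and log.
 *
 * @return xajaxResponse
 */
function BanFriends($friendid, $name)
{
    $objResponse = new xajaxResponse();

    // $friendid is placed in a URL below. is_numeric() alone also accepts signs, decimals,
    // exponents and leading whitespace, so additionally require plain digits.
    if ($GLOBALS['config']['config.enablefriendsbanning'] == 0 || !is_numeric($friendid) || preg_match('/^[0-9]+$/D', (string) $friendid) !== 1) {
        return $objResponse;
    }

    global $userbank, $username;
    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Ошибка доступа", $username . " пытался забанить друга '" . RemoveCode($friendid) . "', не имея на это прав.");
        return $objResponse;
    }

    // The remote fetches can be slow. The limit is lifted only once the caller is authorised.
    set_time_limit(0);

    // Community IDs of everyone with an active ban, kept as strings for strict comparison.
    $already = array();
    $bans = $GLOBALS['db']->GetAll("SELECT CAST(MID(authid, 9, 1) AS UNSIGNED) + CAST('76561197960265728' AS UNSIGNED) + CAST(MID(authid, 11, 10) * 2 AS UNSIGNED) AS community_id FROM " . DB_PREFIX . "_bans WHERE RemoveType IS NULL;");
    if (is_array($bans)) {
        foreach ($bans as $ban) {
            $already[] = (string) $ban["community_id"];
        }
    }

    // Resolve the profile URL. A redirect target is used only when it is a single string
    // on the expected host; otherwise the original profile URL is used.
    // NOTE(review): file_get_contents() follows HTTP redirects itself by default, so this
    // check covers the first hop only; the page is also fetched over plain HTTP.
    $profileUrl = "http://steamcommunity.com/profiles/" . $friendid . "/";
    $result = get_headers($profileUrl, 1);
    $location = (is_array($result) && isset($result["Location"])) ? $result["Location"] : "";
    if (is_array($location)) {
        // Several redirects: get_headers() collects them in order, the last is the final target.
        $location = end($location);
    }
    $redirectHost = is_string($location) ? parse_url($location, PHP_URL_HOST) : null;
    if (!is_string($location) || $location == "" || !is_string($redirectHost) || strtolower($redirectHost) !== "steamcommunity.com") {
        $location = $profileUrl;
    }
    $raw = file_get_contents($location . "friends"); // get the friends page

    $doc = new DOMDocument();
    if (is_string($raw) && $raw !== "") {
        // Warnings from malformed real-world HTML are suppressed on purpose.
        @$doc->loadHTML($raw);
    }

    // A failed fetch or a changed page layout leaves $memberdiv null. That case is
    // reported as "no friends found" below instead of ending in a fatal error.
    $memberdiv = null;
    foreach ($doc->getElementsByTagName('div') as $div) {
        if ($div->getAttribute('id') == "memberList") {
            $memberdiv = $div;
            break;
        }
    }

    $total = 0;
    $bannedbefore = 0;
    $error = 0;
    $links = ($memberdiv !== null) ? $memberdiv->getElementsByTagName('a') : array();
    foreach ($links as $link) {
        $href = $link->getAttribute('href');
        // Require the prefix at the start of the href, not anywhere inside it.
        $isCustom = strpos($href, "http://steamcommunity.com/id/") === 0;
        $isProfile = strpos($href, "http://steamcommunity.com/profiles/") === 0;
        $labelNode = $link->childNodes->item(0);
        $label = ($labelNode !== null) ? $labelNode->nodeValue : "";
        if ((!$isCustom && !$isProfile) || $label == "") {
            continue;
        }

        $total++;
        $url = explode("/", (string) parse_url($href, PHP_URL_PATH));
        if (!isset($url[2]) || $url[2] === "") {
            // Profile link without an id segment: count it as failed.
            $error++;
            continue;
        }
        if (in_array($url[2], $already, true)) {
            $bannedbefore++;
            continue;
        }

        if ($isCustom) {
            // we don't have the friendid as this player is using a custom id :S need to get the friendid
            $tfriend = GetFriendIDFromCommunityID($url[2]);
            if (!$tfriend) {
                $error++;
                continue;
            }
            if (in_array((string) $tfriend, $already, true)) {
                $bannedbefore++;
                continue;
            }
            $steamid = FriendIDToSteamID($tfriend);
        } else {
            // just a normal friendid profile =)
            $steamid = FriendIDToSteamID($url[2]);
        }

        // All values are bound as parameters. The friend name is text scraped from the
        // remote page and is stored as fetched.
        $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,UNIX_TIMESTAMP(),?,?,?,?)");
        $GLOBALS['db']->Execute($pre, array(0, "", $steamid, utf8_decode($label), 0, "Бан друга Steam Commynity (" . htmlspecialchars($name) . ")", $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    }

    if ($total == 0) {
        $objResponse->addScript("ShowBox('Ошибка выборки друзей', 'Ошибка выборки друзей из профиля STEAM. Возможно его профиль скрыт, или у него нет друзей!', 'red', 'index.php?p=banlist', true);");
        $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
        return $objResponse;
    }

    // $name arrives with the request and is embedded in a single-quoted JavaScript string
    // that is rendered as HTML. Escape quotes and backslashes as well as HTML characters.
    $objResponse->addScript("ShowBox('Дрзья были забанены', 'Забанено " . ($total - $bannedbefore - $error) . " из " . $total . " друзей у \\'" . htmlspecialchars(addslashes($name)) . "\\'.<br>" . $bannedbefore . " были забанены до этого.<br>" . $error . " ошибок.', 'green', 'index.php?p=banlist', true);");
    $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
    $log = new CSystemLog("m", "Друзья забанены", "Забанено " . ($total - $bannedbefore - $error) . " из " . $total . " друзей у \\'" . htmlspecialchars($name) . "\\'.<br>" . $bannedbefore . " были забанены до этого.<br>" . $error . " ошибок.");
    return $objResponse;
}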
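/**
 * xajax handler: bans every profile linked from the friends page of a Steam
 * community profile.
 *
 * Does nothing unless `config.enablefriendsbanning` is on and $friendid is a
 * decimal community ID. The caller must hold ADMIN_OWNER or ADMIN_ADD_BAN; a
 * denied call is logged and redirected to the login page. Each friend who is
 * not already in the active ban list gets a row in `_bans` with length 0.
 *
 * @param string $friendid Community ID of the profile whose friends are banned.
 * @param string $name     Display name of that profile, used in the ban reason, dialog and log.
 *
 * @return xajaxResponse
 */
function BanFriends($friendid, $name)
{
    $objResponse = new xajaxResponse();

    // $friendid is placed in a URL below. is_numeric() alone also accepts signs, decimals,
    // exponents and leading whitespace, so additionally require plain digits.
    if ($GLOBALS['config']['config.enablefriendsbanning'] == 0 || !is_numeric($friendid) || preg_match('/^[0-9]+$/D', (string) $friendid) !== 1) {
        return $objResponse;
    }

    global $userbank, $username;
    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to ban friends of '" . RemoveCode($friendid) . "', but doesnt have access.");
        return $objResponse;
    }

    // The remote fetches can be slow. The limit is lifted only once the caller is authorised.
    set_time_limit(0);

    // Community IDs of everyone with an active ban, kept as strings for strict comparison.
    $already = array();
    $bans = $GLOBALS['db']->GetAll("SELECT CAST(MID(authid, 9, 1) AS UNSIGNED) + CAST('76561197960265728' AS UNSIGNED) + CAST(MID(authid, 11, 10) * 2 AS UNSIGNED) AS community_id FROM " . DB_PREFIX . "_bans WHERE RemoveType IS NULL;");
    if (is_array($bans)) {
        foreach ($bans as $ban) {
            $already[] = (string) $ban["community_id"];
        }
    }

    // Resolve the profile URL. A redirect target is used only when it is a single string
    // on the expected host; otherwise the original profile URL is used.
    // NOTE(review): file_get_contents() follows HTTP redirects itself by default, so this
    // check covers the first hop only; the page is also fetched over plain HTTP.
    $profileUrl = "http://steamcommunity.com/profiles/" . $friendid . "/";
    $result = get_headers($profileUrl, 1);
    $location = (is_array($result) && isset($result["Location"])) ? $result["Location"] : "";
    if (is_array($location)) {
        // Several redirects: get_headers() collects them in order, the last is the final target.
        $location = end($location);
    }
    $redirectHost = is_string($location) ? parse_url($location, PHP_URL_HOST) : null;
    if (!is_string($location) || $location == "" || !is_string($redirectHost) || strtolower($redirectHost) !== "steamcommunity.com") {
        $location = $profileUrl;
    }
    $raw = file_get_contents($location . "friends"); // get the friends page

    $doc = new DOMDocument();
    if (is_string($raw) && $raw !== "") {
        // Warnings from malformed real-world HTML are suppressed on purpose.
        @$doc->loadHTML($raw);
    }

    // A failed fetch or a changed page layout leaves $memberdiv null. That case is
    // reported as "no friends found" below instead of ending in a fatal error.
    $memberdiv = null;
    foreach ($doc->getElementsByTagName('div') as $div) {
        if ($div->getAttribute('id') == "memberList") {
            $memberdiv = $div;
            break;
        }
    }

    $total = 0;
    $bannedbefore = 0;
    $error = 0;
    $links = ($memberdiv !== null) ? $memberdiv->getElementsByTagName('a') : array();
    foreach ($links as $link) {
        $href = $link->getAttribute('href');
        // Require the prefix at the start of the href, not anywhere inside it.
        $isCustom = strpos($href, "http://steamcommunity.com/id/") === 0;
        $isProfile = strpos($href, "http://steamcommunity.com/profiles/") === 0;
        if (!$isCustom && !$isProfile) {
            continue;
        }

        $total++;
        $url = explode("/", (string) parse_url($href, PHP_URL_PATH));
        if (!isset($url[2]) || $url[2] === "") {
            // Profile link without an id segment: count it as failed.
            $error++;
            continue;
        }
        if (in_array($url[2], $already, true)) {
            $bannedbefore++;
            continue;
        }

        if ($isCustom) {
            // we don't have the friendid as this player is using a custom id :S need to get the friendid
            $tfriend = GetFriendIDFromCommunityID($url[2]);
            if (!$tfriend) {
                $error++;
                continue;
            }
            if (in_array((string) $tfriend, $already, true)) {
                $bannedbefore++;
                continue;
            }
            $steamid = FriendIDToSteamID($tfriend);
        } else {
            // just a normal friendid profile =)
            $steamid = FriendIDToSteamID($url[2]);
        }

        // get the name. The lookup depends on the exact page layout, so each step is
        // checked and a missing node yields an empty name instead of a fatal error.
        $nameHolder = ($link->parentNode !== null) ? $link->parentNode->childNodes->item(5) : null;
        $nameNode = ($nameHolder !== null && $nameHolder->childNodes !== null) ? $nameHolder->childNodes->item(0) : null;
        $friendName = ($nameNode !== null) ? (string) $nameNode->nodeValue : "";
        // NOTE(review): as shown, this removes every space from the name; confirm the
        // intended search string against the upstream file.
        $friendName = str_replace(" ", "", $friendName);
        $friendName = trim($friendName);

        // All values are bound as parameters. The friend name is text scraped from the
        // remote page and is stored as fetched.
        $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,UNIX_TIMESTAMP(),?,?,?,?)");
        $GLOBALS['db']->Execute($pre, array(0, "", $steamid, utf8_decode($friendName), 0, "Steam Community Friend Ban (" . htmlspecialchars($name) . ")", $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    }

    if ($total == 0) {
        $objResponse->addScript("ShowBox('Error retrieving friends', 'There was an error retrieving the friend list. Check if the profile isn\\'t private or if he hasn\\'t got any friends!', 'red', 'index.php?p=banlist', true);");
        $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
        return $objResponse;
    }

    // $name arrives with the request and is embedded in a single-quoted JavaScript string
    // that is rendered as HTML. Escape quotes and backslashes as well as HTML characters.
    $objResponse->addScript("ShowBox('Friends banned successfully', 'Banned " . ($total - $bannedbefore - $error) . "/" . $total . " friends of \\'" . htmlspecialchars(addslashes($name)) . "\\'.<br>" . $bannedbefore . " were banned already.<br>" . $error . " failed.', 'green', 'index.php?p=banlist', true);");
    $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
    $log = new CSystemLog("m", "Friends Banned", "Banned " . ($total - $bannedbefore - $error) . "/" . $total . " friends of \\'" . htmlspecialchars($name) . "\\'.<br>" . $bannedbefore . " were banned already.<br>" . $error . " failed.");
    return $objResponse;
}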
PageDie(); } isset($_GET["page"]) ? $pagelink = "&page=" . $_GET["page"] : ($pagelink = ""); $errorScript = ""; if (isset($_POST['name'])) { $_POST['steam'] = trim($_POST['steam']); $_POST['type'] = (int) $_POST['type']; // Form Validation $error = 0; // If they didn't type a steamid if (empty($_POST['steam'])) { $error++; $errorScript .= "\$('steam.msg').innerHTML = 'You must type a Steam ID or Community ID';"; $errorScript .= "\$('steam.msg').setStyle('display', 'block');"; } else { if (!is_numeric($_POST['steam']) && !validate_steam($_POST['steam']) || is_numeric($_POST['steam']) && (strlen($_POST['steam']) < 15 || !validate_steam($_POST['steam'] = FriendIDToSteamID($_POST['steam'])))) { $error++; $errorScript .= "\$('steam.msg').innerHTML = 'Please enter a valid Steam ID or Community ID';"; $errorScript .= "\$('steam.msg').setStyle('display', 'block');"; } } // Didn't type a custom reason if ($_POST['listReason'] == "other" && empty($_POST['txtReason'])) { $error++; $errorScript .= "\$('reason.msg').innerHTML = 'You must type a reason';"; $errorScript .= "\$('reason.msg').setStyle('display', 'block');"; } // prune any old bans PruneComms(); if ($error == 0) { // Check if the new steamid is already banned
} else { if ($a_name != $userbank->GetProperty('user', $_GET['id']) && is_taken("admins", "user", $a_name)) { $error++; $errorScript .= "\$('adminname.msg').innerHTML = 'An admin with this name already exists.';"; $errorScript .= "\$('adminname.msg').setStyle('display', 'block');"; } } } // If they didnt type a steamid if (empty($a_steam) || strlen($a_steam) < 10) { $error++; $errorScript .= "\$('steam.msg').innerHTML = 'You must type a Steam ID or Community ID for the admin.';"; $errorScript .= "\$('steam.msg').setStyle('display', 'block');"; } else { // Validate the steamid or fetch it from the community id if (!is_numeric($a_steam) && !validate_steam($a_steam) || is_numeric($a_steam) && (strlen($a_steam) < 15 || !validate_steam($a_steam = FriendIDToSteamID($a_steam)))) { $error++; $errorScript .= "\$('steam.msg').innerHTML = 'Please enter a valid Steam ID or Community ID.';"; $errorScript .= "\$('steam.msg').setStyle('display', 'block');"; } else { // Is an other admin already registred with that steam id? if ($a_steam != $userbank->GetProperty('authid', $_GET['id']) && is_taken("admins", "authid", $a_steam)) { $admins = $userbank->GetAllAdmins(); foreach ($admins as $admin) { if ($admin['authid'] == $a_steam) { $name = $admin['user']; break; } } $error++; $errorScript .= "\$('steam.msg').innerHTML = 'Admin " . htmlspecialchars(addslashes($name)) . " already uses this Steam ID.';";