Esempio n. 1
0
$servers = array();
global $userbank;
function setPostKey()
{
    if (isset($_SERVER['REMOTE_IP'])) {
        $_SESSION['banlist_postkey'] = md5($_SERVER['REMOTE_IP'] . time() . rand(0, 100000));
    } else {
        $_SESSION['banlist_postkey'] = md5(time() . rand(0, 100000));
    }
}
if (!isset($_SESSION['banlist_postkey']) || strlen($_SESSION['banlist_postkey']) < 4) {
    setPostKey();
}
$page = 1;
$pagelink = "";
PruneBans();
if (isset($_GET['page']) && $_GET['page'] > 0) {
    $page = intval($_GET['page']);
    $pagelink = "&page=" . $page;
}
if (version_compare($GLOBALS['db_version'], "5.6.0") >= 0 && version_compare($GLOBALS['db_version'], "10.0.0") < 0) {
    $GLOBALS['db']->Execute("set session optimizer_switch='block_nested_loop=off';");
}
if (isset($_GET['a']) && $_GET['a'] == "unban" && isset($_GET['id'])) {
    if ($_GET['key'] != $_SESSION['banlist_postkey']) {
        die("Possible hacking attempt (URL Key mismatch)");
    }
    //we have a multiple unban asking
    if (isset($_GET['bulk'])) {
        $bids = explode(",", $_GET['id']);
    } else {
Esempio n. 2
0
function AddBan($nickname, $type, $steam, $ip, $length, $dfile, $dname, $reason, $fromsub)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;
    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to add a ban, but doesnt have access.");
        return $objResponse;
    }
    $steam = trim($steam);
    $error = 0;
    // If they didnt type a steamid
    if (empty($steam) && $type == 0) {
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "You must type a Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } else {
        if ($type == 0 && !is_numeric($steam) && !validate_steam($steam) || is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam)))) {
            $error++;
            $objResponse->addAssign("steam.msg", "innerHTML", "Please enter a valid Steam ID or Community ID");
            $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
        } else {
            if (empty($ip) && $type == 1) {
                $error++;
                $objResponse->addAssign("ip.msg", "innerHTML", "You must type an IP");
                $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
            } else {
                if ($type == 1 && !validate_ip($ip)) {
                    $error++;
                    $objResponse->addAssign("ip.msg", "innerHTML", "You must type a valid IP");
                    $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
                } else {
                    $objResponse->addAssign("steam.msg", "innerHTML", "");
                    $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
                    $objResponse->addAssign("ip.msg", "innerHTML", "");
                    $objResponse->addScript("\$('ip.msg').setStyle('display', 'none');");
                }
            }
        }
    }
    if ($error > 0) {
        return $objResponse;
    }
    $nickname = RemoveCode($nickname);
    $ip = preg_replace('#[^\\d\\.]#', '', $ip);
    //strip ip of all but numbers and dots
    $dname = RemoveCode($dname);
    $reason = RemoveCode($reason);
    if (!$length) {
        $len = 0;
    } else {
        $len = $length * 60;
    }
    // prune any old bans
    PruneBans();
    if ((int) $type == 0) {
        // Check if the new steamid is already banned
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '0'", array($steam));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Error', 'SteamID: {$steam} is already banned.', 'red', '');");
            return $objResponse;
        }
        // Check if player is immune
        $admchk = $userbank->GetAllAdmins();
        foreach ($admchk as $admin) {
            if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
                $objResponse->addScript("ShowBox('Error', 'SteamID: Admin " . $admin['user'] . " ({$steam}) is immune.', 'red', '');");
                return $objResponse;
            }
        }
    }
    if ((int) $type == 1) {
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE ip = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '1'", array($ip));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Error', 'IP: {$ip} is already banned.', 'red', '');");
            return $objResponse;
        }
    }
    $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
    $GLOBALS['db']->Execute($pre, array($type, $ip, $steam, $nickname, $length * 60, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    $subid = $GLOBALS['db']->Insert_ID();
    if ($dname && $dfile && preg_match('/^[a-z0-9]*$/i', $dfile)) {
        $GLOBALS['db']->Execute("INSERT INTO " . DB_PREFIX . "_demos(demid,demtype,filename,origname)\r\n\t\t\t\t\t\t     VALUES(?,'B', ?, ?)", array((int) $subid, $dfile, $dname));
    }
    if ($fromsub) {
        $submail = $GLOBALS['db']->Execute("SELECT name, email FROM " . DB_PREFIX . "_submissions WHERE subid = '" . (int) $fromsub . "'");
        // Send an email when ban is accepted
        $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], ".php") + 4);
        $headers = 'From: submission@' . $_SERVER['HTTP_HOST'] . "\n" . 'X-Mailer: PHP/' . phpversion();
        $message = "Hello,\n";
        $message .= "Your ban submission was accepted by our admins.\nThank you for your support!\nClick the link below to view the current ban list.\n\nhttp://" . $_SERVER['HTTP_HOST'] . $requri . "?p=banlist";
        mail($submail->fields['email'], "[SourceBans] Ban Added", $message, $headers);
        $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '2', archivedby = '" . $userbank->GetAid() . "' WHERE subid = '" . (int) $fromsub . "'");
    }
    $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '3', archivedby = '" . $userbank->GetAid() . "' WHERE SteamId = ?;", array($steam));
    $kickit = isset($GLOBALS['config']['config.enablekickit']) && $GLOBALS['config']['config.enablekickit'] == "1";
    if ($kickit) {
        $objResponse->addScript("ShowKickBox('" . ((int) $type == 0 ? $steam : $ip) . "', '" . (int) $type . "');");
    } else {
        $objResponse->addScript("ShowBox('Ban Added', 'The ban has been successfully added', 'green', 'index.php?p=admin&c=bans');");
    }
    $objResponse->addScript("TabToReload();");
    $log = new CSystemLog("m", "Ban Added", "Ban against (" . ((int) $type == 0 ? $steam : $ip) . ") has been added, reason: {$reason}, length: {$length}", true, $kickit);
    return $objResponse;
}
function AddBan($nickname, $type, $steam, $ip, $length, $dfile, $dname, $reason, $fromsub)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;
    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Ошибка доступа", $username . " пытался добавить бан, не имея на то прав.");
        return $objResponse;
    }
    $steam = trim($steam);
    $error = 0;
    // If they didnt type a steamid
    if (empty($steam) && $type == 0) {
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "Введите Steam ID или Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } else {
        if ($type == 0 && !is_numeric($steam) && !validate_steam($steam) || is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam)))) {
            $error++;
            $objResponse->addAssign("steam.msg", "innerHTML", "Введите действительный Steam ID или Community ID");
            $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
        } else {
            if (empty($ip) && $type == 1) {
                $error++;
                $objResponse->addAssign("ip.msg", "innerHTML", "Введите IP");
                $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
            } else {
                if ($type == 1 && !validate_ip($ip)) {
                    $error++;
                    $objResponse->addAssign("ip.msg", "innerHTML", "Введите действительный IP");
                    $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
                } else {
                    $objResponse->addAssign("steam.msg", "innerHTML", "");
                    $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
                    $objResponse->addAssign("ip.msg", "innerHTML", "");
                    $objResponse->addScript("\$('ip.msg').setStyle('display', 'none');");
                }
            }
        }
    }
    if ($error > 0) {
        return $objResponse;
    }
    $nickname = RemoveCode($nickname);
    $ip = preg_replace('#[^\\d\\.]#', '', $ip);
    //strip ip of all but numbers and dots
    $dname = RemoveCode($dname);
    $reason = RemoveCode($reason);
    if (!$length) {
        $len = 0;
    } else {
        $len = $length * 60;
    }
    // prune any old bans
    PruneBans();
    if ((int) $type == 0) {
        // Check if the new steamid is already banned
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '0'", array($steam));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Ошибка', 'SteamID: {$steam} уже забанен.', 'red', '');");
            return $objResponse;
        }
        // Check if player is immune
        $admchk = $userbank->GetAllAdmins();
        foreach ($admchk as $admin) {
            if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
                $objResponse->addScript("ShowBox('Ошибка', 'SteamID админа " . $admin['user'] . " ({$steam}) под иммунитетом.', 'red', '');");
                return $objResponse;
            }
        }
    }
    if ((int) $type == 1) {
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE ip = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '1'", array($ip));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Ошибка', 'Этот IP ({$ip}) уже забанен.', 'red', '');");
            return $objResponse;
        }
    }
    $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
    $GLOBALS['db']->Execute($pre, array($type, $ip, $steam, $nickname, $length * 60, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    $subid = $GLOBALS['db']->Insert_ID();
    if ($dname && $dfile) {
        $GLOBALS['db']->Execute("INSERT INTO " . DB_PREFIX . "_demos(demid,demtype,filename,origname)\r\n\t\t\t\t\t\t     VALUES(?,'B', ?, ?)", array((int) $subid, $dfile, $dname));
    }
    if ($fromsub) {
        $submail = $GLOBALS['db']->Execute("SELECT name, email FROM " . DB_PREFIX . "_submissions WHERE subid = '" . (int) $fromsub . "'");
        // Send an email when ban is accepted
        $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], ".php") + 4);
        $headers = 'From: submission@' . $_SERVER['HTTP_HOST'] . "\n" . 'X-Mailer: PHP/' . phpversion();
        $message = "Привет,\n";
        $message .= "Ваша заявка на бан подтверждена админом.\nПерейдите по ссылке, чтобы посмотреть банлист.\n\nhttp://" . $_SERVER['HTTP_HOST'] . $requri . "?p=banlist";
        mail($submail->fields['email'], "[SourceBans] Бан добавлен", $message, $headers);
        $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '2', archivedby = '" . $userbank->GetAid() . "' WHERE subid = '" . (int) $fromsub . "'");
    }
    $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '3', archivedby = '" . $userbank->GetAid() . "' WHERE SteamId = ?;", array($steam));
    $kickit = isset($GLOBALS['config']['config.enablekickit']) && $GLOBALS['config']['config.enablekickit'] == "1";
    if ($kickit) {
        $objResponse->addScript("ShowKickBox('" . ((int) $type == 0 ? $steam : $ip) . "', '" . (int) $type . "');");
    } else {
        $objResponse->addScript("ShowBox('Бан добавлен', 'Бан успешно добавлен', 'green', 'index.php?p=admin&c=bans');");
    }
    $objResponse->addScript("TabToReload();");
    $log = new CSystemLog("m", "Бан добавлен", "Бан против (" . ((int) $type == 0 ? $steam : $ip) . ") был добавлен, причина: {$reason}, срок: {$reason}, length: {$length}", true, $kickit);
    return $objResponse;
}