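/**
 * xajax handler: add a communication block for a player to the `_comms` table.
 *
 * The caller must hold ADMIN_OWNER or ADMIN_ADD_BAN. A block is refused when the
 * Steam ID is invalid, already has an active block of the requested type, or
 * belongs to an admin with higher `srv_immunity` than the caller.
 *
 * @param string     $nickname Player name stored with the block (passed through RemoveCode()).
 * @param int|string $type     1 or 2 for a single block kind, 3 for both (one row of each kind is inserted).
 * @param string     $steam    Steam ID, or a numeric Community ID converted with FriendIDToSteamID().
 * @param int|string $length   Length in minutes; empty/0 is stored as length 0, which the
 *                             duplicate check treats as still active.
 * @param string     $reason   Reason text (passed through RemoveCode()).
 *
 * @return xajaxResponse Response carrying the UI updates for the admin page.
 */
function AddBlock($nickname, $type, $steam, $length, $reason)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    // Authorisation is checked before any input is touched; failures are logged.
    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to add a block, but doesnt have access.");
        return $objResponse;
    }

    // Normalise the type once so that every later comparison, the SQL fragment
    // and the script sent to the browser all see the same integer.
    $type = (int) $type;
    $steam = trim($steam);
    $error = 0;

    if (empty($steam)) {
        // No Steam ID was entered.
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "You must type a Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } elseif (
        (!is_numeric($steam) && !validate_steam($steam))
        || (is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam))))
    ) {
        // Neither a valid Steam ID nor a Community ID that converts to one.
        // Note the assignment inside the condition: a numeric Community ID is
        // replaced by its converted Steam ID.
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "Please enter a valid Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } else {
        $objResponse->addAssign("steam.msg", "innerHTML", "");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
    }

    if ($error > 0) {
        return $objResponse;
    }

    $nickname = RemoveCode($nickname);
    $reason = RemoveCode($reason);

    // NOTE(review): a negative length is not rejected here and would create a
    // block that has already ended - confirm whether the caller validates it.
    if (!$length) {
        $len = 0;
    } else {
        $len = $length * 60;
    }

    // prune any old bans
    PruneComms();

    switch ($type) {
        case 1:
            $typeW = "type = 1";
            break;
        case 2:
            $typeW = "type = 2";
            break;
        case 3:
            $typeW = "(type = 1 OR type = 2)";
            break;
        default:
            // An unknown type used to leave the query below ending in a dangling
            // "AND", skip both inserts and still report success. Refuse it instead.
            $objResponse->addScript("ShowBox('Error', 'Invalid block type.', 'red', '');");
            return $objResponse;
    }

    // Check if the new steamid is already banned. $typeW only ever holds one of
    // the fixed fragments above; the Steam ID is bound as a parameter.
    $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_comms WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND " . $typeW, array($steam));
    if (intval($chk[0]) > 0) {
        $objResponse->addScript("ShowBox('Error', 'SteamID: {$steam} is already blocked.', 'red', '');");
        return $objResponse;
    }

    // Check if player is immune
    $admchk = $userbank->GetAllAdmins();
    foreach ($admchk as $admin) {
        if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
            // The admin name comes from the database and lands inside a
            // single-quoted JavaScript string, so escape it for that context.
            // NOTE(review): assumes ShowBox() renders the message as HTML - confirm.
            $objResponse->addScript("ShowBox('Error', 'SteamID: Admin " . htmlspecialchars(addslashes($admin['user'])) . " ({$steam}) is immune.', 'red', '');");
            return $objResponse;
        }
    }

    // $len equals $length * 60 whenever a length is given and is 0 otherwise,
    // so it is bound for both `ends` and `length`; this avoids arithmetic on an
    // empty string.
    if ($type == 1 || $type == 3) {
        $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_comms(created,type,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t (UNIX_TIMESTAMP(),1,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
        $GLOBALS['db']->Execute($pre, array($steam, $nickname, $len, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    }
    if ($type == 2 || $type == 3) {
        $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_comms(created,type,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t (UNIX_TIMESTAMP(),2,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
        $GLOBALS['db']->Execute($pre, array($steam, $nickname, $len, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    }

    $objResponse->addScript("ShowBlockBox('" . $steam . "', '" . $type . "', '" . (int) $len . "');");
    $objResponse->addScript("TabToReload();");

    // The original passed an undefined $kickit as the last argument, i.e. null
    // plus a warning; null is passed explicitly to keep the same value.
    $log = new CSystemLog("m", "Block Added", "Block against (" . $steam . ") has been added, reason: {$reason}, length: {$length}", true, null);
    return $objResponse;
}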
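/**
 * xajax handler: add a ban to the `_bans` table, optionally attach a demo and
 * archive the submission it was created from.
 *
 * The caller must hold ADMIN_OWNER or ADMIN_ADD_BAN.
 *
 * @param string     $nickname Player name stored with the ban (passed through RemoveCode()).
 * @param int|string $type     0 = ban by Steam ID, 1 = ban by IP.
 * @param string     $steam    Steam ID, or a numeric Community ID converted with FriendIDToSteamID().
 * @param string     $ip       IP address; everything except digits and dots is stripped.
 * @param int|string $length   Length in minutes; empty/0 is stored as length 0, which the
 *                             duplicate checks treat as still active.
 * @param string     $dfile    Stored name of an uploaded demo; only letters and digits are accepted.
 * @param string     $dname    Original demo file name (passed through RemoveCode()).
 * @param string     $reason   Ban reason (passed through RemoveCode()).
 * @param int|string $fromsub  Submission id this ban originates from, or empty.
 *
 * @return xajaxResponse Response carrying the UI updates for the admin page.
 */
function AddBan($nickname, $type, $steam, $ip, $length, $dfile, $dname, $reason, $fromsub)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    // Authorisation is checked before any input is touched; failures are logged.
    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Ошибка доступа", $username . " пытался добавить бан, не имея на то прав.");
        return $objResponse;
    }

    // Normalise the type once. The original mixed `$type == 0` with
    // `(int) $type == 0`, which can disagree for non-numeric strings, so the
    // Steam ID validation could be skipped while the Steam ID branch still ran.
    $type = (int) $type;
    $steam = trim($steam);
    $error = 0;

    if (empty($steam) && $type == 0) {
        // No Steam ID was entered for a Steam ID ban.
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "Введите Steam ID или Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } elseif (
        ($type == 0 && !is_numeric($steam) && !validate_steam($steam))
        || (is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam))))
    ) {
        // Note the assignment inside the condition: a numeric Community ID is
        // replaced by its converted Steam ID.
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "Введите действительный Steam ID или Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } elseif (empty($ip) && $type == 1) {
        $error++;
        $objResponse->addAssign("ip.msg", "innerHTML", "Введите IP");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
    } elseif ($type == 1 && !validate_ip($ip)) {
        $error++;
        $objResponse->addAssign("ip.msg", "innerHTML", "Введите действительный IP");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
    } else {
        $objResponse->addAssign("steam.msg", "innerHTML", "");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
        $objResponse->addAssign("ip.msg", "innerHTML", "");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'none');");
    }

    if ($error > 0) {
        return $objResponse;
    }

    // NOTE(review): for an IP ban a non-numeric $steam is not validated above
    // and is stored as given - confirm how it is escaped where it is displayed.
    $nickname = RemoveCode($nickname);
    $ip = preg_replace('#[^\\d\\.]#', '', $ip); //strip ip of all but numbers and dots
    $dname = RemoveCode($dname);
    $reason = RemoveCode($reason);

    if (!$length) {
        $len = 0;
    } else {
        $len = $length * 60;
    }

    // prune any old bans
    PruneBans();

    if ($type == 0) {
        // Check if the new steamid is already banned
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '0'", array($steam));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Ошибка', 'SteamID: {$steam} уже забанен.', 'red', '');");
            return $objResponse;
        }

        // Check if player is immune
        $admchk = $userbank->GetAllAdmins();
        foreach ($admchk as $admin) {
            if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
                // The admin name comes from the database and lands inside a
                // single-quoted JavaScript string, so escape it for that context.
                // NOTE(review): assumes ShowBox() renders the message as HTML - confirm.
                $objResponse->addScript("ShowBox('Ошибка', 'SteamID админа " . htmlspecialchars(addslashes($admin['user'])) . " ({$steam}) под иммунитетом.', 'red', '');");
                return $objResponse;
            }
        }
    }

    if ($type == 1) {
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE ip = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '1'", array($ip));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Ошибка', 'Этот IP ({$ip}) уже забанен.', 'red', '');");
            return $objResponse;
        }
    }

    // $len equals $length * 60 whenever a length is given and is 0 otherwise,
    // so it is bound for both `ends` and `length`; this avoids arithmetic on an
    // empty string.
    $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
    $GLOBALS['db']->Execute($pre, array($type, $ip, $steam, $nickname, $len, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    $subid = $GLOBALS['db']->Insert_ID();

    // $dfile is supplied by the client and stored as the demo's file name, so
    // only a plain alphanumeric token is accepted; this keeps path separators
    // and dots out of the stored value.
    if ($dname && $dfile && preg_match('/^[a-z0-9]*$/i', $dfile)) {
        $GLOBALS['db']->Execute("INSERT INTO " . DB_PREFIX . "_demos(demid,demtype,filename,origname)\r\n\t\t\t\t\t\t VALUES(?,'B', ?, ?)", array((int) $subid, $dfile, $dname));
    }

    if ($fromsub) {
        $submail = $GLOBALS['db']->Execute("SELECT name, email FROM " . DB_PREFIX . "_submissions WHERE subid = ?", array((int) $fromsub));

        // Send an email when ban is accepted
        // NOTE(review): HTTP_HOST is taken from the request, so the sender
        // address and the link below follow whatever Host header was sent.
        // Prefer a configured site URL; restricting the value to host-name
        // characters only keeps line breaks out of the mail headers.
        $host = isset($_SERVER['HTTP_HOST']) ? preg_replace('#[^A-Za-z0-9.:\\[\\]-]#', '', $_SERVER['HTTP_HOST']) : '';
        $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], ".php") + 4);
        $headers = 'From: submission@' . $host . "\n" . 'X-Mailer: PHP/' . phpversion();
        $message = "Привет,\n";
        $message .= "Ваша заявка на бан подтверждена админом.\nПерейдите по ссылке, чтобы посмотреть банлист.\n\nhttp://" . $host . $requri . "?p=banlist";

        // Skip the mail when the submission row or its address is missing.
        $recipient = ($submail && isset($submail->fields['email'])) ? $submail->fields['email'] : '';
        if ($recipient != '') {
            mail($recipient, "[SourceBans] Бан добавлен", $message, $headers);
        }

        $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '2', archivedby = ? WHERE subid = ?", array($userbank->GetAid(), (int) $fromsub));
    }

    // NOTE(review): for an IP ban with an empty $steam this matches every
    // submission whose SteamId is empty - confirm that is intended.
    $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '3', archivedby = ? WHERE SteamId = ?;", array($userbank->GetAid(), $steam));

    $kickit = isset($GLOBALS['config']['config.enablekickit']) && $GLOBALS['config']['config.enablekickit'] == "1";
    if ($kickit) {
        $objResponse->addScript("ShowKickBox('" . ($type == 0 ? $steam : $ip) . "', '" . $type . "');");
    } else {
        $objResponse->addScript("ShowBox('Бан добавлен', 'Бан успешно добавлен', 'green', 'index.php?p=admin&c=bans');");
    }
    $objResponse->addScript("TabToReload();");

    // The log line used to print the reason a second time in place of the length.
    $log = new CSystemLog("m", "Бан добавлен", "Бан против (" . ($type == 0 ? $steam : $ip) . ") был добавлен, причина: {$reason}, срок: {$length}", true, $kickit);
    return $objResponse;
}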
$PlayerName = ""; $BanReason = ""; $SubmitterName = ""; $Email = ""; $SID = -1; } else { $SteamID = trim(htmlspecialchars($_POST['SteamID'])); $BanIP = trim(htmlspecialchars($_POST['BanIP'])); $PlayerName = htmlspecialchars($_POST['PlayerName']); $BanReason = htmlspecialchars($_POST['BanReason']); $SubmitterName = htmlspecialchars($_POST['SubmitName']); $Email = trim(htmlspecialchars($_POST['EmailAddr'])); $SID = (int) $_POST['server']; $validsubmit = true; $errors = ""; if (strlen($SteamID) != 0 && $SteamID != "STEAM_0:" && !validate_steam($SteamID)) { $errors .= '* Please type a valid STEAM ID.<br>'; $validsubmit = false; } if (strlen($BanIP) != 0 && !validate_ip($BanIP)) { $errors .= '* Please type a valid IP-address.<br>'; $validsubmit = false; } if (strlen($PlayerName) == 0) { $errors .= '* You must include a player name<br>'; $validsubmit = false; } if (strlen($BanReason) == 0) { $errors .= '* You must include comments<br>'; $validsubmit = false; }
PageDie(); } isset($_GET["page"]) ? $pagelink = "&page=" . $_GET["page"] : ($pagelink = ""); $errorScript = ""; if (isset($_POST['name'])) { $_POST['steam'] = trim($_POST['steam']); $_POST['type'] = (int) $_POST['type']; // Form Validation $error = 0; // If they didn't type a steamid if (empty($_POST['steam'])) { $error++; $errorScript .= "\$('steam.msg').innerHTML = 'You must type a Steam ID or Community ID';"; $errorScript .= "\$('steam.msg').setStyle('display', 'block');"; } else { if (!is_numeric($_POST['steam']) && !validate_steam($_POST['steam']) || is_numeric($_POST['steam']) && (strlen($_POST['steam']) < 15 || !validate_steam($_POST['steam'] = FriendIDToSteamID($_POST['steam'])))) { $error++; $errorScript .= "\$('steam.msg').innerHTML = 'Please enter a valid Steam ID or Community ID';"; $errorScript .= "\$('steam.msg').setStyle('display', 'block');"; } } // Didn't type a custom reason if ($_POST['listReason'] == "other" && empty($_POST['txtReason'])) { $error++; $errorScript .= "\$('reason.msg').innerHTML = 'You must type a reason';"; $errorScript .= "\$('reason.msg').setStyle('display', 'block');"; } // prune any old bans PruneComms(); if ($error == 0) { // Check if the new steamid is already banned
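/**
 * xajax handler: add a ban to the `_bans` table, optionally attach a demo and
 * archive the submission it was created from.
 *
 * The caller must hold ADMIN_OWNER or ADMIN_ADD_BAN.
 *
 * @param string     $nickname Player name stored with the ban (passed through RemoveCode()).
 * @param int|string $type     0 = ban by Steam ID, 1 = ban by IP.
 * @param string     $steam    Steam ID, or a numeric Community ID converted with FriendIDToSteamID().
 * @param string     $ip       IP address; everything except digits and dots is stripped.
 * @param int|string $length   Length in minutes; empty/0 is stored as length 0, which the
 *                             duplicate checks treat as still active.
 * @param string     $dfile    Stored name of an uploaded demo; only letters and digits are accepted.
 * @param string     $dname    Original demo file name (passed through RemoveCode()).
 * @param string     $reason   Ban reason (passed through RemoveCode()).
 * @param int|string $fromsub  Submission id this ban originates from, or empty.
 *
 * @return xajaxResponse Response carrying the UI updates for the admin page.
 */
function AddBan($nickname, $type, $steam, $ip, $length, $dfile, $dname, $reason, $fromsub)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    // Authorisation is checked before any input is touched; failures are logged.
    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to add a ban, but doesnt have access.");
        return $objResponse;
    }

    // Normalise the type once. The original mixed `$type == 0` with
    // `(int) $type == 0`, which can disagree for non-numeric strings, so the
    // Steam ID validation could be skipped while the Steam ID branch still ran.
    $type = (int) $type;
    $steam = trim($steam);
    $error = 0;

    if (empty($steam) && $type == 0) {
        // No Steam ID was entered for a Steam ID ban.
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "You must type a Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } elseif (
        ($type == 0 && !is_numeric($steam) && !validate_steam($steam))
        || (is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam))))
    ) {
        // Note the assignment inside the condition: a numeric Community ID is
        // replaced by its converted Steam ID.
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "Please enter a valid Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } elseif (empty($ip) && $type == 1) {
        $error++;
        $objResponse->addAssign("ip.msg", "innerHTML", "You must type an IP");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
    } elseif ($type == 1 && !validate_ip($ip)) {
        $error++;
        $objResponse->addAssign("ip.msg", "innerHTML", "You must type a valid IP");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
    } else {
        $objResponse->addAssign("steam.msg", "innerHTML", "");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
        $objResponse->addAssign("ip.msg", "innerHTML", "");
        $objResponse->addScript("\$('ip.msg').setStyle('display', 'none');");
    }

    if ($error > 0) {
        return $objResponse;
    }

    // NOTE(review): for an IP ban a non-numeric $steam is not validated above
    // and is stored as given - confirm how it is escaped where it is displayed.
    $nickname = RemoveCode($nickname);
    $ip = preg_replace('#[^\\d\\.]#', '', $ip); //strip ip of all but numbers and dots
    $dname = RemoveCode($dname);
    $reason = RemoveCode($reason);

    if (!$length) {
        $len = 0;
    } else {
        $len = $length * 60;
    }

    // prune any old bans
    PruneBans();

    if ($type == 0) {
        // Check if the new steamid is already banned
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '0'", array($steam));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Error', 'SteamID: {$steam} is already banned.', 'red', '');");
            return $objResponse;
        }

        // Check if player is immune
        $admchk = $userbank->GetAllAdmins();
        foreach ($admchk as $admin) {
            if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
                // The admin name comes from the database and lands inside a
                // single-quoted JavaScript string, so escape it for that context.
                // NOTE(review): assumes ShowBox() renders the message as HTML - confirm.
                $objResponse->addScript("ShowBox('Error', 'SteamID: Admin " . htmlspecialchars(addslashes($admin['user'])) . " ({$steam}) is immune.', 'red', '');");
                return $objResponse;
            }
        }
    }

    if ($type == 1) {
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE ip = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '1'", array($ip));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Error', 'IP: {$ip} is already banned.', 'red', '');");
            return $objResponse;
        }
    }

    // $len equals $length * 60 whenever a length is given and is 0 otherwise,
    // so it is bound for both `ends` and `length`; this avoids arithmetic on an
    // empty string.
    $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
    $GLOBALS['db']->Execute($pre, array($type, $ip, $steam, $nickname, $len, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    $subid = $GLOBALS['db']->Insert_ID();

    // $dfile is supplied by the client and stored as the demo's file name, so
    // only a plain alphanumeric token is accepted; this keeps path separators
    // and dots out of the stored value.
    if ($dname && $dfile && preg_match('/^[a-z0-9]*$/i', $dfile)) {
        $GLOBALS['db']->Execute("INSERT INTO " . DB_PREFIX . "_demos(demid,demtype,filename,origname)\r\n\t\t\t\t\t\t VALUES(?,'B', ?, ?)", array((int) $subid, $dfile, $dname));
    }

    if ($fromsub) {
        $submail = $GLOBALS['db']->Execute("SELECT name, email FROM " . DB_PREFIX . "_submissions WHERE subid = ?", array((int) $fromsub));

        // Send an email when ban is accepted
        // NOTE(review): HTTP_HOST is taken from the request, so the sender
        // address and the link below follow whatever Host header was sent.
        // Prefer a configured site URL; restricting the value to host-name
        // characters only keeps line breaks out of the mail headers.
        $host = isset($_SERVER['HTTP_HOST']) ? preg_replace('#[^A-Za-z0-9.:\\[\\]-]#', '', $_SERVER['HTTP_HOST']) : '';
        $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], ".php") + 4);
        $headers = 'From: submission@' . $host . "\n" . 'X-Mailer: PHP/' . phpversion();
        $message = "Hello,\n";
        $message .= "Your ban submission was accepted by our admins.\nThank you for your support!\nClick the link below to view the current ban list.\n\nhttp://" . $host . $requri . "?p=banlist";

        // Skip the mail when the submission row or its address is missing.
        $recipient = ($submail && isset($submail->fields['email'])) ? $submail->fields['email'] : '';
        if ($recipient != '') {
            mail($recipient, "[SourceBans] Ban Added", $message, $headers);
        }

        $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '2', archivedby = ? WHERE subid = ?", array($userbank->GetAid(), (int) $fromsub));
    }

    // NOTE(review): for an IP ban with an empty $steam this matches every
    // submission whose SteamId is empty - confirm that is intended.
    $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '3', archivedby = ? WHERE SteamId = ?;", array($userbank->GetAid(), $steam));

    $kickit = isset($GLOBALS['config']['config.enablekickit']) && $GLOBALS['config']['config.enablekickit'] == "1";
    if ($kickit) {
        $objResponse->addScript("ShowKickBox('" . ($type == 0 ? $steam : $ip) . "', '" . $type . "');");
    } else {
        $objResponse->addScript("ShowBox('Ban Added', 'The ban has been successfully added', 'green', 'index.php?p=admin&c=bans');");
    }
    $objResponse->addScript("TabToReload();");

    $log = new CSystemLog("m", "Ban Added", "Ban against (" . ($type == 0 ? $steam : $ip) . ") has been added, reason: {$reason}, length: {$length}", true, $kickit);
    return $objResponse;
}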
$UnbanReason = ""; $Email = ""; } else { $Type = (int) $_POST['Type']; $SteamID = htmlspecialchars($_POST['SteamID']); $IP = htmlspecialchars($_POST['IP']); $PlayerName = htmlspecialchars($_POST['PlayerName']); $UnbanReason = htmlspecialchars($_POST['BanReason']); $Email = htmlspecialchars($_POST['EmailAddr']); $validsubmit = true; $errors = ""; $BanId = -1; if (get_magic_quotes_gpc()) { $UnbanReason = stripslashes($UnbanReason); } if ($Type == 0 && !validate_steam($SteamID)) { $errors .= '* Введите действительный STEAM ID.<br>'; $validsubmit = false; } elseif ($Type == 0) { $pre = $GLOBALS['db']->Prepare("SELECT bid FROM " . DB_PREFIX . "_bans WHERE authid=? AND RemovedBy IS NULL AND type=0;"); $res = $GLOBALS['db']->Execute($pre, array($SteamID)); if ($res->RecordCount() == 0) { $errors .= '* Этот STEAM ID не забанен!<br>'; $validsubmit = false; } else { $BanId = (int) $res->fields[0]; $res = $GLOBALS['db']->Execute("SELECT pid FROM " . DB_PREFIX . "_protests WHERE bid={$BanId}"); if ($res->RecordCount() > 0) { $errors .= '* Бан этого STEAM ID уже был опротестован.<br>'; $validsubmit = false; }
} else { if ($a_name != $userbank->GetProperty('user', $_GET['id']) && is_taken("admins", "user", $a_name)) { $error++; $errorScript .= "\$('adminname.msg').innerHTML = 'An admin with this name already exists.';"; $errorScript .= "\$('adminname.msg').setStyle('display', 'block');"; } } } // If they didnt type a steamid if (empty($a_steam) || strlen($a_steam) < 10) { $error++; $errorScript .= "\$('steam.msg').innerHTML = 'You must type a Steam ID or Community ID for the admin.';"; $errorScript .= "\$('steam.msg').setStyle('display', 'block');"; } else { // Validate the steamid or fetch it from the community id if (!is_numeric($a_steam) && !validate_steam($a_steam) || is_numeric($a_steam) && (strlen($a_steam) < 15 || !validate_steam($a_steam = FriendIDToSteamID($a_steam)))) { $error++; $errorScript .= "\$('steam.msg').innerHTML = 'Please enter a valid Steam ID or Community ID.';"; $errorScript .= "\$('steam.msg').setStyle('display', 'block');"; } else { // Is an other admin already registred with that steam id? if ($a_steam != $userbank->GetProperty('authid', $_GET['id']) && is_taken("admins", "authid", $a_steam)) { $admins = $userbank->GetAllAdmins(); foreach ($admins as $admin) { if ($admin['authid'] == $a_steam) { $name = $admin['user']; break; } } $error++; $errorScript .= "\$('steam.msg').innerHTML = 'Admin " . htmlspecialchars(addslashes($name)) . " already uses this Steam ID.';";
if (isset($_POST['action']) && $_POST['action'] == "importBans") { $bannedcfg = file($_FILES["importFile"]["tmp_name"]); $bancnt = 0; foreach ($bannedcfg as $ban) { $line = explode(" ", trim($ban)); if ($line[1] == "0") { if (validate_ip($line[2])) { $check = $GLOBALS['db']->Execute("SELECT ip FROM `" . DB_PREFIX . "_bans` WHERE ip = ? AND RemoveType IS NULL", array($line[2])); if ($check->RecordCount() == 0) { $bancnt++; $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,authid,ip,name,ends,length,reason,aid,adminIp,type) VALUES\r\n\t\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?,?)"); $GLOBALS['db']->Execute($pre, array("", $line[2], "Imported Ban", 0, 0, "banned_ip.cfg import", $_COOKIE['aid'], $_SERVER['REMOTE_ADDR'], 1)); } } else { // if its an banned_user.cfg if (!validate_steam($line[2])) { if (($accountId = getAccountId($line[2])) !== -1) { $steam = renderSteam2($accountId, 0); } else { continue; } } else { $steam = $line[2]; } $check = $GLOBALS['db']->Execute("SELECT authid FROM `" . DB_PREFIX . "_bans` WHERE authid = ? AND RemoveType IS NULL", array($steam)); if ($check->RecordCount() == 0) { if (!isset($_POST['friendsname']) || $_POST['friendsname'] != "on" || ($pname = GetCommunityName($steam)) == "") { $pname = "Imported Ban"; } $bancnt++; $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,authid,ip,name,ends,length,reason,aid,adminIp,type) VALUES\r\n\t\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?,?)");