function SendMessage($sid, $name, $message)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
if (!$userbank->is_admin()) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Ошибка доступ", $username . " пытался отправить для '" . addslashes(htmlspecialchars($name)) . "' сообщение (\"" . RemoveCode($message) . "\"), не имея на это прав.");
return $objResponse;
}
$sid = (int) $sid;
require INCLUDES_PATH . '/CServerRcon.php';
//get the server data
$data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
if (empty($data['rcon'])) {
$objResponse->addScript("ShowBox('Ошибка', 'Невозможно отправить сообщение для " . addslashes(htmlspecialchars($name)) . ". Не задан РКОН пароль!', 'red', '', true);");
return $objResponse;
}
$r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "';");
$objResponse->addScript("ShowBox('Ошибка', 'Невозможно отправить сообщение для " . addslashes(htmlspecialchars($name)) . ". Неверноый РКОН пароль!', 'red', '', true);");
return $objResponse;
}
$ret = $r->sendCommand('sm_psay "' . $name . '" "' . addslashes($message) . '"');
new CSystemLog("m", "Сообщение отправлено", "Следующее сообщение было отправлено " . addslashes(htmlspecialchars($name)) . " на сервер " . $data['ip'] . ":" . $data['port'] . ": " . RemoveCode($message));
$objResponse->addScript("ShowBox('Сообщение отправлено', 'Сообщение для \\'" . addslashes(htmlspecialchars($name)) . "\\' успешно отправлено!', 'green', '', true);\$('dialog-control').setStyle('display', 'block');");
return $objResponse;
}
function AddBlock($nickname, $type, $steam, $length, $reason)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Hacking Attempt", $username . " tried to add a block, but doesnt have access.");
return $objResponse;
}
$steam = trim($steam);
$error = 0;
// If they didnt type a steamid
if (empty($steam)) {
$error++;
$objResponse->addAssign("steam.msg", "innerHTML", "You must type a Steam ID or Community ID");
$objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
} else {
if (!is_numeric($steam) && !validate_steam($steam) || is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam)))) {
$error++;
$objResponse->addAssign("steam.msg", "innerHTML", "Please enter a valid Steam ID or Community ID");
$objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
} else {
$objResponse->addAssign("steam.msg", "innerHTML", "");
$objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
}
}
if ($error > 0) {
return $objResponse;
}
$nickname = RemoveCode($nickname);
$reason = RemoveCode($reason);
if (!$length) {
$len = 0;
} else {
$len = $length * 60;
}
// prune any old bans
PruneComms();
$typeW = "";
switch ((int) $type) {
case 1:
$typeW = "type = 1";
break;
case 2:
$typeW = "type = 2";
break;
case 3:
$typeW = "(type = 1 OR type = 2)";
break;
default:
$typeW = "";
break;
}
// Check if the new steamid is already banned
$chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_comms WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND " . $typeW, array($steam));
if (intval($chk[0]) > 0) {
$objResponse->addScript("ShowBox('Error', 'SteamID: {$steam} is already blocked.', 'red', '');");
return $objResponse;
}
// Check if player is immune
$admchk = $userbank->GetAllAdmins();
foreach ($admchk as $admin) {
if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
$objResponse->addScript("ShowBox('Error', 'SteamID: Admin " . $admin['user'] . " ({$steam}) is immune.', 'red', '');");
return $objResponse;
}
}
if ((int) $type == 1 || (int) $type == 3) {
$pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_comms(created,type,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t (UNIX_TIMESTAMP(),1,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
$GLOBALS['db']->Execute($pre, array($steam, $nickname, $length * 60, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
}
if ((int) $type == 2 || (int) $type == 3) {
$pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_comms(created,type,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t (UNIX_TIMESTAMP(),2,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
$GLOBALS['db']->Execute($pre, array($steam, $nickname, $length * 60, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
}
$objResponse->addScript("ShowBlockBox('" . $steam . "', '" . (int) $type . "', '" . (int) $len . "');");
$objResponse->addScript("TabToReload();");
$log = new CSystemLog("m", "Block Added", "Block against (" . $steam . ") has been added, reason: {$reason}, length: {$length}", true, $kickit);
return $objResponse;
}
$errorScript .= "\$('steam.msg').setStyle('display', 'block');";
} else {
// Check if player is immune
$admchk = $userbank->GetAllAdmins();
foreach ($admchk as $admin) {
if ($admin['authid'] == $_POST['steam'] && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
$error++;
$errorScript .= "\$('steam.msg').innerHTML = 'Admin " . $admin['user'] . " is immune';";
$errorScript .= "\$('steam.msg').setStyle('display', 'block');";
break;
}
}
}
}
$_POST['name'] = RemoveCode($_POST['name']);
$reason = RemoveCode(trim($_POST['listReason'] == "other" ? $_POST['txtReason'] : $_POST['listReason']));
if (!$_POST['banlength']) {
$_POST['banlength'] = 0;
} else {
$_POST['banlength'] = (int) $_POST['banlength'] * 60;
}
// Show the new values in the form
$res['name'] = $_POST['name'];
$res['authid'] = $_POST['steam'];
$res['length'] = $_POST['banlength'];
$res['type'] = $_POST['type'];
$res['reason'] = $reason;
// Only process if there are still no errors
if ($error == 0) {
$lengthrev = $GLOBALS['db']->Execute("SELECT length, authid, type FROM " . DB_PREFIX . "_comms WHERE bid = '" . (int) $_GET['id'] . "'");
$edit = $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_comms SET\n\t\t\t\t\t\t\t\t\t\t`name` = ?, `type` = ?, `reason` = ?, `authid` = ?,\n\t\t\t\t\t\t\t\t\t\t`length` = ?,\n\t\t\t\t\t\t\t\t\t\t`ends` \t = `created` + ?\n\t\t\t\t\t\t\t\t\t\tWHERE bid = ?", array($_POST['name'], $_POST['type'], $reason, $_POST['steam'], $_POST['banlength'], $_POST['banlength'], (int) $_GET['id']));
$res['authid'] = $_POST['steam'];
$res['ip'] = $_POST['ip'];
$res['length'] = $_POST['banlength'];
$res['type'] = $_POST['type'];
$res['reason'] = $reason;
// Only process if there are still no errors
if ($error == 0) {
$lengthrev = $GLOBALS['db']->Execute("SELECT length, authid FROM " . DB_PREFIX . "_bans WHERE bid = '" . (int) $_GET['id'] . "'");
$edit = $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_bans SET\r\n\t\t\t\t\t\t\t\t\t\t`name` = ?, `type` = ?, `reason` = ?, `authid` = ?,\r\n\t\t\t\t\t\t\t\t\t\t`length` = ?,\r\n\t\t\t\t\t\t\t\t\t\t`ip` = ?,\r\n\t\t\t\t\t\t\t\t\t\t`country` = '',\r\n\t\t\t\t\t\t\t\t\t\t`ends` \t = `created` + ?\r\n\t\t\t\t\t\t\t\t\t\tWHERE bid = ?", array($_POST['name'], $_POST['type'], $reason, $_POST['steam'], $_POST['banlength'], $_POST['ip'], $_POST['banlength'], (int) $_GET['id']));
// Set all submissions to archived for that steamid
$GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '3', archivedby = '" . $userbank->GetAid() . "' WHERE SteamId = ?;", array($_POST['steam']));
if (!empty($_POST['dname'])) {
$demoid = $GLOBALS['db']->GetRow("SELECT filename FROM `" . DB_PREFIX . "_demos` WHERE demid = '" . $_GET['id'] . "';");
@unlink(SB_DEMOS . "/" . $demoid['filename']);
$edit = $GLOBALS['db']->Execute("REPLACE INTO " . DB_PREFIX . "_demos\r\n\t\t\t\t\t\t\t\t\t\t\t(`demid`, `demtype`, `filename`, `origname`)\r\n\t\t\t\t\t\t\t\t\t\t\tVALUES\r\n\t\t\t\t\t\t\t\t\t\t\t(?,\r\n\t\t\t\t\t\t\t\t\t\t\t'b',\r\n\t\t\t\t\t\t\t\t\t\t\t?,\r\n\t\t\t\t\t\t\t\t\t\t\t?)", array((int) $_GET['id'], $_POST['did'], $_POST['dname']));
$res['dname'] = RemoveCode($_POST['dname']);
}
if ($_POST['banlength'] != $lengthrev->fields['length']) {
$log = new CSystemLog("m", "Ban length edited", "Ban length for (" . $lengthrev->fields['authid'] . ") has been updated, before: " . $lengthrev->fields['length'] . ", now: " . $_POST['banlength']);
}
echo '<script>ShowBox("Ban updated", "The ban has been updated successfully", "green", "index.php?p=banlist' . $pagelink . '");</script>';
}
}
if (!$res) {
echo '<script>ShowBox("Error", "There was an error getting details. Maybe the ban has been deleted?", "red", "index.php?p=banlist' . $pagelink . '");</script>';
}
$theme->assign('ban_name', $res['name']);
$theme->assign('ban_reason', $res['reason']);
$theme->assign('ban_authid', trim($res['authid']));
$theme->assign('ban_ip', $res['ip']);
$theme->assign('ban_demo', !empty($res['dname']) ? "Uploaded: <b>" . $res['dname'] . "</b>" : "");
function SendMessage($sid, $name, $message)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
if (!$userbank->is_admin()) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Hacking Attempt", $username . " tried to send ingame message to '" . addslashes(htmlspecialchars($name)) . "' (\"" . RemoveCode($message) . "\"), but doesnt have access.");
return $objResponse;
}
$sid = (int) $sid;
require INCLUDES_PATH . '/CServerRcon.php';
//get the server data
$data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
if (empty($data['rcon'])) {
$objResponse->addScript("ShowBox('Error', 'Can\\'t send message to " . addslashes(htmlspecialchars($name)) . ". No RCON password!', 'red', '', true);");
return $objResponse;
}
$r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "';");
$objResponse->addScript("ShowBox('Error', 'Can\\'t send message to " . addslashes(htmlspecialchars($name)) . ". Wrong RCON password!', 'red', '', true);");
return $objResponse;
}
$ret = $r->sendCommand('sm_psay "' . $name . '" "' . addslashes($message) . '"');
new CSystemLog("m", "Message sent to player", "The following message was sent to " . addslashes(htmlspecialchars($name)) . " on server " . $data['ip'] . ":" . $data['port'] . ": " . RemoveCode($message));
$objResponse->addScript("ShowBox('Message Sent', 'The message has been sent to player \\'" . addslashes(htmlspecialchars($name)) . "\\' successfully!', 'green', '', true);\$('dialog-control').setStyle('display', 'block');");
return $objResponse;
}
$log = new CSystemLog("w", "Hacking Attempt", $userbank->GetProperty("user") . " tried to edit " . $userbank->GetProperty('user', $_GET['id']) . "'s details, but doesnt have access.");
echo '<div id="msg-red" >
<i><img src="./images/warning.png" alt="Warning" /></i>
<b>Error</b>
<br />
You are not allowed to edit other profiles.
</div>';
PageDie();
}
}
$errorScript = "";
// Form submitted?
if (isset($_POST['adminname'])) {
$a_name = RemoveCode($_POST['adminname']);
$a_steam = trim(RemoveCode($_POST['steam']));
$a_email = trim(RemoveCode($_POST['email']));
$a_serverpass = $_POST['a_useserverpass'] == "on";
$pw_changed = false;
$serverpw_changed = false;
// Form validation
$error = 0;
// Check name
if (empty($a_name)) {
$error++;
$errorScript .= "\$('adminname.msg').innerHTML = 'You must type a name for the admin.';";
$errorScript .= "\$('adminname.msg').setStyle('display', 'block');";
} else {
if (strstr($a_name, "'")) {
$error++;
$errorScript .= "\$('adminname.msg').innerHTML = 'An admin name can not contain a \" \\' \".';";
$errorScript .= "\$('adminname.msg').setStyle('display', 'block');";
$errorScript .= "\$('port.msg').innerHTML = 'Введите порт сервера.';";
$errorScript .= "\$('port.msg').setStyle('display', 'block');";
} else {
if (!is_numeric($_POST['port'])) {
$error++;
$errorScript .= "\$('port.msg').innerHTML = 'Введите действительный порт (<b>номер</b>).';";
$errorScript .= "\$('port.msg').setStyle('display', 'block');";
}
}
// rcon
if ($_POST['rcon'] != '+-#*_' && $_POST['rcon'] != $_POST['rcon2']) {
$error++;
$errorScript .= "\$('rcon2.msg').innerHTML = 'Пароли не совпадают.';";
$errorScript .= "\$('rcon2.msg').setStyle('display', 'block');";
}
$ip = RemoveCode($_POST['address']);
// Check for dublicates afterwards
if ($error == 0) {
$chk = $GLOBALS['db']->GetRow('SELECT sid FROM `' . DB_PREFIX . '_servers` WHERE ip = ? AND port = ? AND sid != ?;', array($ip, (int) $_POST['port'], $_GET['id']));
if ($chk) {
$error++;
$errorScript .= "ShowBox('Ошибка', 'Сервер с таким же IP:порт уже существует.', 'red');";
}
}
$enabled = isset($_POST['enabled']) && $_POST['enabled'] == "on" ? 1 : 0;
$server['ip'] = $ip;
$server['port'] = (int) $_POST['port'];
$server['modid'] = (int) $_POST['mod'];
$server['enabled'] = $enabled;
if ($error == 0) {
$grps = "";
