/**
 * Reports whether this flag has everything it needs to be saved.
 *
 * A flag always needs a type; when that type expects free text
 * (flagType_textarea set) the text must be present too.
 *
 * @return bool true when nothing required is missing
 */
public function isComplete()
{
    // No type selected: incomplete regardless of the text.
    if (emptyInput($this->flagType_id)) {
        return false;
    }

    // Type expects a textarea but it was left blank.
    if ($this->flagType_textarea == true && emptyInput($this->flagText)) {
        return false;
    }

    return true;
}
} else { $change_rcon_pw = false; } // Whether to change DB PW or not if ($pb == 'on') { $pb = 1; } else { $pb = 0; } ## Check for empty vars ## emptyInput($name, 'server name'); emptyInput($ip, 'server IP'); emptyInput($rcon_ip, 'Rcon IP'); emptyInput($rcon_port, 'Rcon Port'); if ($change_rcon_pw == true) { emptyInput($rcon_pw, 'Rcon password'); } // check that the rcon_ip is valid if (!filter_var($rcon_ip, FILTER_VALIDATE_IP)) { sendBack('That Rcon IP Address is not valid'); } // check that the rcon_ip is valid if (!filter_var($ip, FILTER_VALIDATE_IP)) { sendBack('That server IP Address is not valid'); } // Check Port is a number between 4-5 digits if (!is_numeric($rcon_port) || !preg_match('/^[0-9]{4,5}$/', $rcon_port)) { sendBack('Rcon Port must be a number between 4-5 digits'); } if ($is_add) { // if is add server request
$td = new Encrypt($_SESSION['user']->getKey()); $field = $td->decrypt($field); if (!$encrypted && $row->fieldName === 'age') { if ($field > 90) { $field = 'Over 90'; } } } switch ($row->type) { case 'checkbox': $sql = "SELECT {$row->fieldName}_id as cbVal FROM {$row->pages_name}{$row->fieldName} WHERE {$row->pages_name}_id = ?"; $pA = array('i', $dataRow->{$row->pages_name . '_id'}); $cbVal = DB::query($sql, $pA); $field = $cbVal->getArray('cbVal'); foreach ($cbFields[$row->pages_name][$row->fieldName] as $cb) { if (emptyInput($field)) { $line[] = ""; continue; } if (in_array($cb, $field)) { $line[] = "1"; } else { $line[] = "0"; } } break; case 'text': case 'textarea': $line[] = '"' . $field . '"'; break; default:
sendGood('This blacklist ban has been re-activiated'); exit; // no need to continue } elseif ($_POST['ip']) { // if this is an add request if (!verifyFormToken('addbl', $tokens)) { // verify token ifTokenBad('BL Add'); } // if bad log, add hack counter and throw error // set and clean vars $reason = cleanvar($_POST['reason']); $ip = cleanvar($_POST['ip']); // check for empty inputs emptyInput($reason, 'the reason'); emptyInput($ip, 'IP Address'); // if reason is default comment msg, send back with error if ($reason == "Enter a reason for this ban...") { sendBack('You must add a reason as to why this IP ban is being added'); } // check if it is a valid IP address if (!filter_var($ip, FILTER_VALIDATE_IP)) { sendBack('That IP address is not valid'); } $whitelist = array('token', 'reason', 'ip'); // allow form fields to be sent // Building an array with the $_POST-superglobal foreach ($_POST as $key => $item) { if (!in_array($key, $whitelist)) { hack(1); // plus 1 to hack counter
// verify token ifTokenBad('Reg Key Delete'); } // if bad token, log and send error $result = $dbl->delKey($key); if ($result) { sendGood('Registration key deleted'); } else { sendBack('There was an problem completeing your request'); } exit; // no need continuing with this script } elseif ($_POST['comment']) { // if this is an edit comment request $key = cleanvar($_POST['key']); $comment = cleanvar($_POST['comment']); emptyInput($comment, 'comment'); $result = $dbl->editKeyComment($key, $comment, $mem->id); // this is an ajax request, so we need to echo error/success messages if ($result) { echo 'yes'; } else { echo 'no'; } exit; // no need to continue } else { // if form not submitted set_error('Please do not load that page directly, thank you.'); sendHome(); }
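require '../inc.php';

## Set and clean the submitted registration fields ##
$username = cleanvar($_POST['username']);
$display  = cleanvar($_POST['display']);
// NOTE(review): the password is passed through cleanvar() here but the login
// handler reads $_POST['f-pw'] raw; if cleanvar() strips or alters characters,
// a password containing them can never be verified at login — confirm.
$pw1      = cleanvar($_POST['pw1']);
$pw2      = cleanvar($_POST['pw2']);
$key      = cleanvar($_POST['key']);
$email    = cleanvar($_POST['email']);

// Both password fields must agree before anything else is checked
if ($pw1 != $pw2) {
    sendBack('The supplied passwords do not match');
}

## Check for empty inputs ##
emptyInput($display, 'display name');
emptyInput($username, 'username');
emptyInput($pw1, 'your new password');

// The email must be well formed; it is also part of the key lookup below
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    sendBack('That email address is not valid');
}

## Check if key and email are valid ##
// $key_expire is expected to be provided by inc.php (not visible here)
$valid_key = $dbl->verifyRegKey($key, $email, $key_expire);
// Reject the registration whenever the key/email pair does not verify.
// The previous condition was `!$valid_key && key == "0"`: `key` is an
// undefined constant (the string "key" on PHP < 8, a fatal Error on PHP 8),
// so the comparison was always false and the registration-key check was
// never enforced — anyone could register with any key.
if (!$valid_key) {
    sendBack('The key or email you submitted are not valid.');
}

## Add user to users table ##
// generate a new salt for the user
$salt = genSalt();
// find the hash of the supplied password and the new salt
$password = genPW($pw1, $salt);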
/**
 * Checks whether every mandatory field on a page has been filled in (or flagged
 * via getFlag()) and records the result as $data->complete.
 *
 * @param mixed $page   page identifier; defaults to $this->getPage()
 * @param mixed $data   page data object; defaults to $record->getData($page)
 * @param mixed $record record the page belongs to; defaults to $this->record
 * @return bool true when no mandatory field is empty; false when one is, or
 *              when there is no data stored for the page at all
 */
public function checkComplete($page = NULL, $data = NULL, $record = NULL) {
    $checkComplete = true;
    if (!$page) {
        $page = $this->getPage();
    }
    // Fire this off first to prevent any possible complication of passing through
    // the record to the form field processes. Note this deliberately receives
    // $record as passed in (possibly NULL), before the fallback to $this->record.
    $fields = $this->getFormFields($page, false, NULL, $record);
    if (!$record) {
        $record = $this->record;
    }
    if (!$data) {
        $data = $record->getData($page);
        if (!$data) {
            // Nothing stored for this page yet: report incomplete. No complete
            // flag is written because there is no data object to write it on.
            return false;
        }
    }
    foreach ($fields as $name => $values) {
        if (isset($values['mandatory'])) {
            $mand = $values['mandatory'];
            // Field names carry a "<prefix>-" part; keep what follows the dash.
            // NOTE(review): with no dash strpos() is false, so this drops the
            // first character instead — confirm every name is prefixed.
            $fieldName = substr($name, strpos($name, "-") + 1);
            if (strpos($fieldName, "[")) {
                // Array-style input ("name[...]"): use the bare name
                $fieldName = substr($fieldName, 0, strpos($fieldName, "["));
            }
            if (strpos($mand, "_")) {
                // Conditional mandatory: "<otherField>_<value>" means required
                // only while that other field holds that value
                list($mandField, $mandValue) = explode("_", $mand);
            } else {
                // Plain flag, or a field name whose expected value is 1
                $mandField = $mand;
                $mandValue = 1;
            }
            // If either mandatory is 1, or the referenced field holds the expected value.
            // NOTE(review): both comparisons are loose (==); the outcome for
            // non-numeric strings differs between PHP 7 and PHP 8 — confirm.
            if ($mand == 1 || $data->get($mandField) == $mandValue) {
                // See if that field is filled and unflagged (a flag presumably
                // marks the field as intentionally left blank)
                if (emptyInput($data->get($fieldName)) && !(method_exists($data, 'getFlag') && $data->getFlag($page, $fieldName, $record->getID()))) {
                    // One empty mandatory field is enough to make the page incomplete
                    $checkComplete = false;
                    break;
                }
            }
        }
    }
    // Persist the outcome on the data object as 1/0
    if ($checkComplete) {
        $data->complete = 1;
    } else {
        $data->complete = 0;
    }
    return $checkComplete;
}
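// Work out the web path Echelon lives under from the installer's own path
$install_dir = $_SERVER['SCRIPT_NAME'];
// Strip the installer's script path. The dot is escaped so only the literal
// "install/index.php" is removed (the old pattern let '.' match any character).
$echelon_dir = preg_replace('#install/index\.php#', '', $install_dir);

## Create an Echelon salt and a session salt ##
$ech_salt = genSalt(16);
$ses_salt = randPass(6);

## Get the form information ##
$email   = cleanvar($_POST['email']);
$db_host = cleanvar($_POST['db-host']);
$db_user = cleanvar($_POST['db-user']);
// NOTE(review): cleanvar() is applied to a credential; if it strips or alters
// characters the stored DB password will not match the real one — confirm.
$db_pass = cleanvar($_POST['db-pass']);
$db_name = cleanvar($_POST['db-name']);

## Check for empty vars ##
// (a duplicate check of $db_host labelled 'your email address' was removed:
// it produced a misleading error message for a missing hostname)
emptyInput($email, 'your email address');
emptyInput($db_host, 'database hostname');
emptyInput($db_user, 'database username');
emptyInput($db_name, 'database name');
// the DB password is not required to be non-empty (unchanged from before)

// check the email address is a valid email address
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    sendBack('That email is not valid');
}

## Test that a connection to the DB works ##
define("DBL_HOSTNAME", $db_host); // hostname of where the server is located
define("DBL_USERNAME", $db_user); // username that can connect to that DB
define("DBL_PASSWORD", $db_pass); // Password for that user
define("DBL_DB", $db_name);       // name of the database to connect to
// Installer only: shows connection errors to the user. Such errors may reveal
// details of the DB setup, so this page should be unreachable once the install
// is done — confirm the installer is removed/locked afterwards.
define("DB_CON_ERROR_SHOW", TRUE);
// start connection to the DB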
## if logged in users may skip this page sendHome(); // send to the index/home page } elseif ($_POST['f-name']) { ## if this is a log in request // if over the maxium amount of wrong attempts, // or if hack attempts detected, BL user IP and remove user locked(); // set sent vars $username = cleanvar($_POST['f-name']); // strip and remove spaces from vars $pw = $_POST['f-pw']; $game_input = cleanvar($_POST['f-game']); // are they empty values emptyInput($username, 'username'); emptyInput($pw, 'password'); if (!verifyFormTokenLogin('login')) { // verify token wrong(1); // plus 1 to wrong counter hack(1); // plus 1 to hack counter writeLog('Login - Bad Token'); // make note in log sendBack('Login Failed - Stop! Attack detected!!!'); exit; } // Building a whitelist array with keys which will send through the form, no others would be accepted later on $whitelist = array('token', 'f-name', 'f-pw', 'f-game'); // Building an array with the $_POST-superglobal foreach ($_POST as $key => $item) {
/**
 * Applies a stored error set (the error Session variable) to this form's inputs.
 *
 * An input with an entry in $error gets its error state set; if its value is
 * empty it is also refilled with the previously submitted value. Inputs without
 * an entry are marked 'warning' when mandatory and empty.
 *
 * @param array $error map of input name => ['value' => mixed|false, 'error' => string]
 * @return void
 */
public function addErrors($error)
{
    foreach ($this->inputs as $field) {
        $name = $field->getName();

        if (!isset($error[$name])) {
            // No recorded error: only warn about a mandatory field left blank.
            if ($field->isMand() && emptyInput($field->getValue())) {
                $field->setError('warning');
            }
            continue;
        }

        $previousValue = $error[$name]['value'];
        $message       = $error[$name]['error'];

        if (!emptyInput($field->getValue())) {
            // The field already carries a value; flag it without replacing it.
            $field->setError('error_value');
            continue;
        }

        // Refill the empty field with the submitted value (false means none was kept).
        if ($previousValue !== false) {
            $field->addValue($previousValue);
        }
        $field->setError('error', $message);
    }
}
// if is AJAX request echo $data; } else { sendBack(''); } // sendBack with no error } } if (isset($_GET['auto'])) { echo $plugin->getLastChats($_GET['table-num'], $_GET['last-id']); } if (isset($_POST['tables'])) { if ($mem->reqLevel('chats_edit_tables')) { // extra perms needed to edit settings $tables = $_POST['tables']; $names = $_POST['table-names']; emptyInput($tables, 'tables'); emptyInput($names, 'names'); $num_tables = count(explode(',', $tables)); $num_names = count(explode(',', $names)); if ($num_tables != $num_names) { sendBack('You need to have the same number of tables listed as you do names'); } $results = $plugin->editSettings($tables, $names); if (!$results) { sendBack('There was a problem. Maybe the table names you gave us are incorrect.'); } else { sendGood('The chatlog settings have been updated'); } } }
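$auth_name = 'comment';
$b3_conn = true; // this page needs to connect to the B3 database
require '../../inc.php';

// Only accept a real form submission
if (!isset($_POST['comment-sub'])) {
    set_error('Please do not call that page directly');
    send('../../');
}

## Check that the sent form token is correct (CSRF) before any input is used ##
if (verifyFormToken('comment', $tokens) == false) {
    ifTokenBad('Add comment');
}

## Get vars from the form ##
$cid = cleanvar($_POST['cid']);
$comment = cleanvar($_POST['comment']);

## Check for empties ##
emptyInput($comment, 'comment');
emptyInput($cid, 'client id not sent');

## The client id must be numeric before it reaches the query ##
if (!isID($cid)) {
    // the message used to say "ban not added" — copied from the ban action
    sendBack('Invalid data sent, comment not added');
}

## Query ##
// $game is expected to be provided by inc.php (not visible here)
$result = $dbl->addEchLog('Comment', $comment, $cid, $mem->id, $game);
if ($result) {
    sendGood('Comment added');
} else {
    sendBack('There is a problem, your comment was not added to the database');
}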
/**
 * General Validation method - called from within.
 *
 * Runs the field's value ($this->validateType()) through every rule group in
 * $this->_valRules. Each group is AND (one failing rule fails the group) or OR
 * (one passing rule passes it); a failed group sets $this->_valid to false and
 * stops further checking. A failed rule records a message via $rule['error'] or
 * generateError(). The checkbox and password branches also rewrite the value.
 *
 * NOTE(review): $groupVal starts true and is only ever set to false in the AND
 * branch, so as written an OR group whose rules all fail still passes (its
 * error message is recorded, but $this->_valid stays true) — confirm intended.
 *
 * @return void  result is left in $this->_valid / $this->_error
 */
protected function validate() {
    $testVal = $this->validateType(); // First check that the type of value is right
    $this->_valid = true;
    // Stop as soon as the type check failed (NULL), a group failed, or the groups run out
    while (!is_null($testVal) && $this->_valid !== false && ($group = $this->_valRules->nextGroup())) {
        $groupVal = true; // If not already validated and there is a group to validate
        $groupType = $group->getType(); // Is the group an AND or an OR?
        while ($rule = $group->nextRule()) {
            $ruleVal = true;
            if (is_null($rule['value'])) { continue; } // Skip if nothing to validate against
            // A rule value may carry several limits separated by '/'
            $limits = explode('/', $rule['value']);
            switch ($this->_varType) {
                case 'number':
                case 'duration':
                    // Only care about HARD validation for server
                    if ($rule['special'] == 'HARD' || is_null($rule['special'])) {
                        $ruleVal = $this->doCompare($testVal, $limits, $rule['operator']);
                    } elseif ($rule['special'] == 'REFERENCE') {
                        // Limits are "<page>-<field>" references to other stored fields
                        foreach ($limits as $key => $value) {
                            $numberLoc = explode('-', $value);
                            $numberCheck = $this->_data->getField($numberLoc[0], $numberLoc[1]);
                            if ($numberCheck) {
                                $numberLimits[$key] = $rule['operator'] == 'AGE' ? strtotime($numberCheck) : $numberCheck;
                            } else {
                                // Referenced field missing: leave the switch without comparing,
                                // so the rule counts as passed ($ruleVal stays true)
                                break 2;
                            }
                        }
                        // NOTE(review): $numberLimits is not reset between rules, so entries
                        // left by an earlier rule with more limits would linger — confirm
                        $ruleVal = $this->doCompare($testVal, $numberLimits, $rule['operator']);
                    }
                    break;
                case 'date':
                    $dateToTest = strtotime($testVal);
                    if ($rule['special'] == 'RELATIVE') {
                        // Dates relative to current date, limits given in years
                        foreach ($limits as $key => $value) {
                            // NOTE(review): explode() yields strings, so is_integer() is never
                            // true here; every limit takes the days branch (round(years * 365))
                            if (is_integer($value)) {
                                $dateLimits[$key] = strtotime("{$value} years");
                            } else {
                                $dateLimits[$key] = strtotime(round($value * 365) . " days");
                            }
                        }
                        $ruleVal = $this->doCompare($dateToTest, $dateLimits, $rule['operator']);
                    } else {
                        if ($rule['special'] == 'ABSOLUTE') {
                            // Fixed dates, parsed by strtotime()
                            foreach ($limits as $key => $value) {
                                $dateLimits[$key] = strtotime($value);
                            }
                            $ruleVal = $this->doCompare($dateToTest, $dateLimits, $rule['operator']);
                        } else {
                            if ($rule['special'] == 'REFERENCE') {
                                foreach ($limits as $key => $value) {
                                    $dateLoc = explode('-', $value);
                                    $dateCheck = $this->_data->getField($dateLoc[0], $dateLoc[1]);
                                    if ($dateCheck) {
                                        // Stored either as a timestamp or as a parseable date string
                                        $dateLimits[$key] = is_numeric($dateCheck) ? $dateCheck : strtotime($dateCheck);
                                    } else {
                                        // One of the reference dates is missing so break without testing
                                        break 2;
                                    }
                                }
                                $ruleVal = $this->doCompare($dateToTest, $dateLimits, $rule['operator']);
                            }
                        }
                    }
                    break;
                case 'time':
                    if ($rule['special'] == 'REFERENCE') {
                        // Then we need to get the datetime: the matching date field is taken
                        // to share this field's name with 'time' replaced by 'date'
                        $testDate = $this->_data->getField($this->_page, str_replace('time', 'date', $this->_fieldName));
                        if ($testDate) {
                            $dateTimeToTest = strtotime("{$testDate} {$testVal}");
                            foreach ($limits as $key => $value) {
                                $dateLoc = explode('-', $value);
                                $checkDate = $this->_data->getField($dateLoc[0], $dateLoc[1] . 'date');
                                $checkTime = $this->_data->getField($dateLoc[0], $dateLoc[1] . 'time');
                                if ($checkDate) {
                                    $dateTimeLimits[$key] = strtotime("{$checkDate} {$checkTime}");
                                } else {
                                    // Missing reference: a NULL limit is handed to doCompare()
                                    $dateTimeLimits[$key] = NULL;
                                }
                            }
                            $ruleVal = $this->doCompare($dateTimeToTest, $dateTimeLimits, $rule['operator']);
                        }
                    }
                    break;
                case 'text':
                case 'textarea':
                case 'email':
                    // The rule value is a complete PCRE pattern. preg_match() returns false for
                    // an invalid pattern, which fails an EQUAL rule and passes a NOT EQUAL one.
                    $check = preg_match($rule['value'], $testVal);
                    switch ($rule['operator']) {
                        case 'EQUAL':
                            if (!$check) { $ruleVal = false; }
                            break;
                        case 'NOT EQUAL':
                            if ($check) { $ruleVal = false; }
                            break;
                    }
                    break;
                case 'select':
                case 'radio':
                    if ($rule['operator'] == 'IN LIST' && $rule['special'] != 'FILTER') {
                        // The value must exist in the option table named by the rule,
                        // optionally "<table>-<filterTable>" to restrict through a join.
                        // NOTE(review): these names are interpolated into SQL as identifiers;
                        // DB::clean() escapes string content, which does not make an identifier
                        // safe. Acceptable only while rule values come from trusted
                        // configuration and never from request input — confirm.
                        $checkTable = DB::clean($rule['value']);
                        if (strpos($checkTable, '-')) {
                            $filterBy = explode('-', $checkTable);
                            $checkTable = $filterBy[0];
                            $filterTable = $filterBy[1];
                        } else {
                            $filterTable = NULL;
                        }
                        $sql = "SELECT DISTINCT({$checkTable}.option_value) FROM {$checkTable}";
                        if ($filterTable) {
                            $sql .= " RIGHT JOIN {$filterTable}\n ON {$checkTable}.id = {$filterTable}.{$checkTable}_id";
                        }
                        $result = DB::query($sql);
                        $idList = $result->getArray('option_value');
                        if (!in_array($testVal, $idList)) { $ruleVal = false; }
                    } else {
                        if ($rule['operator'] === 'NOT IN LIST') {
                            // Comma-separated list of disallowed values
                            $excList = explode(',', $rule['value']);
                            if (in_array($testVal, $excList)) { $ruleVal = false; }
                        } else {
                            if ($rule['special'] == 'REFERENCE') {
                                // "user-<attr>": the value may not be below the session user's attribute.
                                // NOTE(review): $valNum is only assigned for the 'user' prefix; any other
                                // prefix compares against an unset variable — confirm intended
                                $valArr = explode('-', $rule['value']);
                                if ($valArr[0] == 'user') {
                                    $valNum = $_SESSION['user']->get($valArr[1]);
                                }
                                if ($valNum > $testVal) { $ruleVal = false; }
                            }
                        }
                    }
                    break;
                case 'checkbox':
                    // See the select/radio note above about interpolated table names
                    $checkTable = DB::clean($rule['value']);
                    $sql = "SELECT option_value FROM {$checkTable}";
                    $result = DB::query($sql);
                    $idList = $result->getArray('option_value');
                    // NOTE(review): in_array() is loose here; on PHP < 8 a non-numeric string in
                    // $testVal compares equal to 0 and collapses the whole selection to array(0)
                    if (in_array(0, $testVal)) { // 0 represents the test not being done, so can be the only thing in the array
                        $validated = array(0);
                    } elseif (in_array(1, $testVal)) { // 1 always represents 'None of the above', so can be the only thing in the array
                        $validated = array(1);
                    } else {
                        // Keep only the ticked options that exist in the option table
                        foreach ($testVal as $v) {
                            if (in_array($v, $idList)) { $validated[] = $v; }
                        }
                    }
                    // Replace the array with the validated one.
                    // NOTE(review): this assigns to the local $value (a foreach variable), not
                    // $this->_value, so the filtered list is not what gets stored — confirm
                    $value = $validated;
                    break;
                case 'password':
                    if ($rule['value'] == 'newPassword') {
                        // If it's a new password for registration: ensure an array has been
                        // sent, it isn't empty and the two entries match
                        if (is_array($testVal) && !emptyInput($testVal[0]) && $testVal[0] == $testVal[1]) {
                            $this->_value = $testVal[1];
                        } else {
                            $ruleVal = false;
                        }
                    } else {
                        // Password change: [0] current password, [1] new, [2] confirmation.
                        // checkPassword() must accept the current one before anything else.
                        $checkPass = $this->_data->checkPassword($testVal[0]);
                        if ($checkPass && !emptyInput($testVal[1])) {
                            // New password must match its confirmation and differ from the old one
                            if ($testVal[1] == $testVal[2] && $testVal[0] != $testVal[1]) {
                                $this->_value = $testVal[1];
                            } else {
                                $ruleVal = false;
                            }
                        } else {
                            if ($checkPass) {
                                // Current password correct and no new one supplied: keep the old one
                                $this->_value = $testVal[0];
                            } else {
                                $ruleVal = false;
                            }
                        }
                    }
                    break;
            }
            if ($ruleVal === false) {
                // Rule-specific message if one is configured, otherwise a generated one.
                // This is recorded even when the enclosing group goes on to pass.
                if (!is_null($rule['error'])) {
                    $this->_error = $rule['error'];
                } else {
                    $this->generateError($rule);
                }
            }
            if ($groupType == 'AND' && $ruleVal === false) { // Only takes one false result to invalidate an AND
                $groupVal = false;
                break;
            } else {
                if ($groupType == 'OR' && $ruleVal === true) { // Only takes one true to validate an OR
                    $groupVal = true;
                    break;
                }
            }
        }
        if ($groupVal == false) {
            // If any group is not valid then set var invalid and stop
            // testing (as valid being false busts out of the while)
            $this->_valid = false;
        }
    }
}
// verify token ifTokenBad('Change client mask level'); } } ## Set and clean vars ## $level = cleanvar($_POST['level']); $client_id = cleanvar($_POST['cid']); $old_level = cleanvar($_POST['old-level']); $password = cleanvar($_POST['password']); ## Check Empties ## emptyInput($level, 'data not sent'); emptyInput($client_id, 'data not sent'); emptyInput($old_level, 'data not sent'); if (!$is_mask) { // only the client level needs a password emptyInput($password, 'current password'); } ## Check if the client_id is numeric ## if (!isID($client_id)) { sendBack('Invalid data sent, greeting not changed'); } ## Do some mojo with the B3 group information ## $b3_groups = $db->getB3Groups(); // change around the recieved data $b3_groups_id = array(); foreach ($b3_groups as $group) { array_push($b3_groups_id, $group['id']); // make an array of all the group_bits that exsist $b3_groups_name[$group['id']] = $group['name']; // make an array of group_bits to matching names }
set_error('Please do not call that page directly, thank you.'); send('../../index.php'); } ## get vars ## $ban_id = cleanvar($_POST['banid']); $type = cleanvar($_POST['type']); $cid = cleanvar($_POST['cid']); ## check that the sent form token is correct ## if (verifyFormToken('unban' . $ban_id, $tokens) == false) { // verify token ifTokenBad('Unban'); } ## Check for empties ## emptyInput($type, 'data not sent'); emptyInput($ban_id, 'data not sent'); emptyInput($cid, 'data not sent'); ## Check ban_id is a number ## if (!isID($ban_id) || !isID($cid)) { sendBack('Invalid data sent, ban not added'); } ## Send query ## $results = $db->makePenInactive($ban_id); if (!$results) { // if bad send back warning sendBack('Penalty has not been removed'); } ## If a permaban send unban rcon command ## if ($type == 'Ban') { ## Get the PBID of the client ## $pbid = $db->getPBIDfromPID($pen_id); ## Loop thro server for this game and send unban command and update ban file
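// Whether the B3 DB password is to be changed on this edit
if ($db_pw_cng == 'on') {
    $change_db_pw = true;
} else {
    $change_db_pw = false;
}

## Check for empty vars ##
emptyInput($name, 'game name');
emptyInput($name_short, 'short version of game name');
emptyInput($db_user, 'DB Username');
emptyInput($db_host, 'DB Host');
emptyInput($db_name, 'DB name');
if ($change_db_pw == true && !$is_add) {
    // only an edit that opts in to changing it needs a DB password supplied.
    // NOTE(review): on an add the DB password is never required — confirm the
    // connection test below copes with an empty one.
    emptyInput($db_pw, 'DB password');
}
if (!$is_add) {
    // edits must be confirmed with the current Echelon password
    emptyInput($password, 'your current password');
}

if ($is_add) {
    ## Check game is supported ##
    if (!array_key_exists($game_type, $supported_games)) {
        sendBack('That game type does not exist, please choose a game');
    }
}

// Comma-separated list of enabled plugins. implode() replaces the previous
// append-then-strip-trailing-comma loop, which also appended to $enabled
// before it had been initialised.
if (!empty($g_plugins)) {
    $enabled = implode(',', $g_plugins);
}

## Check that the DB information supplied will make a connection to the B3 database.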
if ($pb_ban == 'on') { $is_pb_ban = true; } else { $is_pb_ban = false; $duration_form = cleanvar($_POST['duration']); $time = cleanvar($_POST['time']); emptyInput($time, 'time frame'); emptyInput($duration_form, 'penalty duration'); } $reason = cleanvar($_POST['reason']); $client_id = cleanvar($_POST['cid']); $pbid = cleanvar($_POST['c-pbid']); $c_name = cleanvar($_POST['c-name']); $c_ip = cleanvar($_POST['c-ip']); // check for empty reason emptyInput($reason, 'ban reason'); ## Check sent client_id is a number ## if (!isID($client_id)) { sendBack('Invalid data sent, ban not added'); } ## Sort out some ban information if ($is_pb_ban) { // if the ban is perma ban $type = 'Ban'; $time_expire = '-1'; $duration = 0; } else { $type = 'TempBan'; // NOTE: the duration in the DB is done in MINUTES and the time_expire is written in unix timestamp (in seconds) $duration = penDuration($time, $duration_form); $duration_secs = $duration * 60;
if (!$_POST['unban-sub']) { // if the form not is submitted set_error('Please do not call that page directly, thank you.'); send('../../index.php'); } ## get vars ## $ban_id = $_POST['banid']; $type = cleanvar($_POST['type']); ## check that the sent form token is correct ## if (verifyFormToken('unban' . $ban_id, $tokens) == false) { // verify token ifTokenBad('Unban'); } ## Check for empties ## emptyInput($type, 'data not sent'); emptyInput($ban_id, 'data not sent'); ## Check ban_id is a number ## if (!isID($ban_id)) { sendBack('Invalid data sent, ban not added'); } ## Send query ## $results = $db->makePenInactive($ban_id); if (!$results) { // if bad send back warning sendBack('Penalty has not been removed'); } ## If a permaban send unban rcon command ## if ($type == 'Ban') { ## Get the PBID of the client ## $pbid = $db->getPBIDfromPID($pen_id); ## Loop thro server for this game and send unban command and update ban file
} if ($pass1 != $pass2) { // if the passwords don't match send them back sendBack('The supplied passwords to do match'); } emptyInput($pass1, 'your new password'); $is_change_pw = true; // this is a change password request aswell } else { // this request requires no password change $is_change_pw = false; } // check for empty inputs emptyInput($display, 'display name'); emptyInput($email, 'email'); emptyInput($cur_pw, 'your current password'); // check the new email address is a valid email address if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { sendBack('That email is not valid'); } // check to see by comparing to session vars if the display name and email have been changed if ($display != $mem->name || $email != $mem->email) { // sent display name does not match session and same with email $is_change_display_email = true; } else { $is_change_display_email = false; } // this is not a change request // if display/email not changed and its not a change pw request then return if (!$is_change_display_email && !$is_change_pw) { sendBack('You didn\'t change anything, so Echelon has done nothing');
$auth_name = 'greeting'; $b3_conn = true; // this page needs to connect to the B3 database require '../../inc.php'; if ($_POST['greeting-sub']) { // if the form is submitted ## check that the sent form token is corret if (verifyFormToken('greeting', $tokens) == false) { // verify token ifTokenBad('Add comment'); } $greeting = cleanvar($_POST['greeting']); $client_id = cleanvar($_POST['cid']); // NOTE: allow for an empty comment. An empty comment means no comment emptyInput($client_id, 'data not sent'); if (!isID($client_id)) { sendBack('Invalid data sent, greeting not changed'); } ## Add Log Message ## $comment = 'Greeting message changed'; $dbl->addEchLog('Greeting', $comment, $client_id, $mem->id); ## Query ## $query = "UPDATE clients SET greeting = ? WHERE id = ? LIMIT 1"; $stmt = $db->mysql->prepare($query) or sendBack('Database Error'); $stmt->bind_param('si', $greeting, $client_id); $stmt->execute(); if ($stmt->affected_rows) { sendGood('Greeting has been updated'); } else { sendBack('Greeting was not updated');