sendBack('You didn\'t change anything, so Echelon has done nothing');
} // closes a block opened before this excerpt

## Query Section ##
// NOTE(review): the re-authentication call below is commented out, so nothing in this excerpt
// checks the current password before the e-mail, display name or password is changed.
// $cur_pw is not defined in the visible code -- confirm it is collected from the form and
// re-enable the check ahead of the updates.
//$mem->reAuthUser($cur_pw, $dbl); // check user current password is correct

if ($is_change_display_email) { // only touch the profile when the display name or e-mail was altered
    // update display name and email
    $results = $dbl->editMe($display, $email, $mem->id);
    if (!$results) { // if false (if nothing happened)
        sendBack('There was an error updating your email and display name');
    } else { // it has been changed, so the session vars and the member object are updated too
        $_SESSION['email'] = $email;
        $_SESSION['name'] = $display;
        $mem->setName($display);
        $mem->setEmail($email);
    }
}

## if a change pw request ##
if ($is_change_pw) {
    $result = $mem->genAndSetNewPW($pass1, $mem->id, $min_pw_len); // function to generate and set a new password
    if (is_string($result)) { // result is either true (success) or an error message (string)
        sendBack($result);
    }
}

## return good ##
sendGood('Your user information has been successfully updated');
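// Reject the submission when the test connection to the game's database failed.
if ($db_test->connect_error) {
    // The driver's error text can repeat the user name and host that were just submitted, and
    // this message is sent back as HTML markup, so escape it before embedding it.
    $conn_error = htmlspecialchars($db_test->connect_error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    sendBack('<strong>Database Connection Error</strong> <p>The connection information you supplied is incorrect.<br />' . $conn_error . '</p>');
}

## Update DB ##
if ($is_add) { // add game queries
    $result = $dbl->addGame($name, $game_type, $name_short, $db_host, $db_user, $db_pw, $db_name);
    if (!$result) { // the insert did not succeed
        sendBack('There is a problem, the game information was not saved.');
    }
    $dbl->addGameCount(); // Add one to the game counter in config table
} else { // edit game queries
    // NOTE(review): only the edit path calls reAuthUser(); adding a game stores database
    // credentials as well -- confirm whether that path should re-authenticate too.
    $mem->reAuthUser($password, $dbl);
    $result = $dbl->setGameSettings($game, $name, $name_short, $db_user, $db_host, $db_name, $db_pw, $change_db_pw, $enabled); // update the settings in the DB
    if (!$result) {
        sendBack('Something did not update. Did you edit anything?');
    }
}

## Return with result message
if ($is_add) {
    set_good('Game Added');
    send('../settings-games.php');
} else {
    sendGood('Your settings have been updated');
}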
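$rcon_port = $config['game']['servers'][$i]['rcon_port'];
$c_ip = trim($c_ip);

// The GUID, player name, IP and reason are concatenated into one RCON command line. Control
// characters (CR/LF included) and ';' are replaced with a space so that, on consoles that
// treat them as command separators, a value cannot end the command early or start another.
$rcon_unsafe = '/[\x00-\x1F\x7F;]+/';
$pb_guid = preg_replace($rcon_unsafe, ' ', $pbid);
$pb_name = preg_replace($rcon_unsafe, ' ', $c_name);
$pb_ip = preg_replace($rcon_unsafe, ' ', $c_ip);
$pb_reason = preg_replace($rcon_unsafe, ' ', $reason);

// PB_SV_BanGuid [guid] [player_name] [IP_Address] [reason]
$command = "pb_sv_banguid " . $pb_guid . " " . $pb_name . " " . $pb_ip . " " . $pb_reason;
rcon($rcon_ip, $rcon_port, $rcon_pass, $command); // send the ban command
sleep(1); // sleep for 1 sec in order to give the server some time
$command_upd = "pb_sv_updbanfile"; // we need to update the ban files
rcon($rcon_ip, $rcon_port, $rcon_pass, $command_upd); // send the ban file update command
} // closes the per-server condition opened before this excerpt
$i++;
} // closes the server loop opened before this excerpt
} // end if a $is_pb_ban == true

if ($result) { // set comment for the ban, and log it
    if ($type == 'Ban') {
        $comment = 'permanent ban, for "' . $reason . '"';
    } else {
        $dur_name = array('m' => 'minute', 'h' => 'hour', 'd' => 'day', 'w' => 'week', 'mn' => 'month', 'y' => 'year');
        // NOTE(review): $time is assumed to be one of the keys above; it is validated, if at
        // all, outside this excerpt.
        $comment = $duration_form . ' ' . $dur_name[$time] . ' temp ban, for \\"' . $reason . '\\"';
    }
    $result = $dbl->addEchLog('Ban', $comment, $client_id, $mem->id, $game);
    sendGood('Ban added to banlist and to the DB');
} else {
    sendBack('Something went wrong the ban was not added');
}
exit;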
<?php
// Handles two requests on registration keys: deleting a key and editing a key's comment.
$auth_name = 'add_user'; // this page reuses the add-user permission: whoever can add keys should be able to remove them
require '../inc.php';

// NOTE(review): $_POST['t'] and $_POST['comment'] are read without isset(), so a request that
// omits them raises an undefined-index notice before falling through.
if ($_POST['t'] == 'del') { // if this is a deletion request
    $key = cleanvar($_POST['key']);
    // The form token is bound to the key being deleted ('keydel' . $key).
    if (verifyFormToken('keydel' . $key, $tokens) == false) { // verify token
        ifTokenBad('Reg Key Delete');
    } // if bad token, log and send error
    $result = $dbl->delKey($key);
    if ($result) {
        sendGood('Registration key deleted');
    } else {
        sendBack('There was an problem completeing your request');
    }
    exit; // no need continuing with this script
} elseif ($_POST['comment']) { // if this is an edit comment request
    // NOTE(review): unlike the delete branch, no verifyFormToken() call is visible here, so this
    // state-changing AJAX request appears to run without a CSRF token check -- confirm and add
    // one matching the token the comment form issues.
    $key = cleanvar($_POST['key']);
    $comment = cleanvar($_POST['comment']);
    emptyInput($comment, 'comment');
    $result = $dbl->editKeyComment($key, $comment, $mem->id);
    // this is an ajax request, so we need to echo error/success messages
    if ($result) {
        echo 'yes';
    } else {
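sendBack('That IP address is not valid');
} // closes the IP validation block opened before this excerpt

$whitelist = array('token', 'reason', 'ip'); // the only form fields this page accepts

// Reject the request if it carries any field that is not on the whitelist.
foreach ($_POST as $key => $item) {
    // Strict comparison: before PHP 8 a loose in_array() treats an integer key such as 0 as
    // equal to any non-numeric string, which would let a field named "0" pass this check.
    if (!in_array($key, $whitelist, true)) {
        hack(1); // plus 1 to hack counter
        writeLog('Add BL - Unknown form fields provided'); // make note of event
        sendBack('Unknown Information sent.');
        exit;
    }
} // end foreach

## Query Section ##
$result = $dbl->blacklist($ip, $reason, $mem->id);
if (!$result) { // the row was not added
    sendBack('That IP was not added to the blacklist');
}

// if got this far we are doing well so lets send back a good message
sendGood('The IP has been added to the banlist');
exit; // no need to continue
} else { // the page was loaded without the form being posted: send the user to the SA page with an error
    set_error('Please do not load that page without submitting the ban IP address form');
    send('../sa.php');
}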
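sendBack('There was a problem adding the key into the database');
} // closes the insert check opened before this excerpt

// send the email or message after adding to the DB
if (USE_MAIL) {
    ## email user about the key ##
    // The key and the address are placed in a URL inside an HTML attribute: URL-encode each
    // value (a raw '+' or '&' in the address would otherwise corrupt the query string), then
    // HTML-escape the finished link using the charset declared for this mail.
    // NOTE(review): the link is plain http; switch the scheme if the site is served over HTTPS.
    $register_url = 'http://' . $_SERVER['SERVER_NAME'] . PATH . 'register.php?key=' . urlencode($user_key) . '&email=' . urlencode($email);

    $body = '<html><body>';
    $body .= '<h2>Echelon User Key</h2>';
    $body .= $config['cosmos']['email_header'];
    $body .= 'This is the key you will need to use to register on Echelon. <a href="' . htmlspecialchars($register_url, ENT_QUOTES, 'ISO-8859-1') . '">Register here</a>.<br />';
    $body .= 'Registration Key: ' . $user_key;
    $body .= $config['cosmos']['email_footer'];
    $body .= '</body></html>';

    // Fill in the placeholders literally; a regex replacement would interpret "$1" or "\1"
    // sequences inside the configured site name as back-references.
    $body = str_replace('%ech_name%', $config['cosmos']['name'], $body);
    $body = str_replace('%name%', 'new user', $body);

    // HTTP_HOST comes from the request's Host header. Keep only characters that can occur in
    // a host[:port] value so that nothing else can reach the mail headers.
    // NOTE(review): the domain is still chosen by the client; a configured value would be safer.
    $mail_host = preg_replace('/[^A-Za-z0-9.\-:\[\]]/', '', $_SERVER['HTTP_HOST']);

    $headers = "From: echelon@" . $mail_host . "\r\n";
    $headers .= "Reply-To: " . EMAIL . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $subject = "Echelon User Registration";

    // send email
    // NOTE(review): $email is used as the recipient; it is assumed to have been validated
    // before this excerpt.
    if (!mail($email, $subject, $body, $headers)) {
        sendBack('There was a problem sending the email.');
    }
    sendGood('Key Setup and Email has been sent to user');
}

// remind the admin to pass the key on, as the new user did not receive an email
sendGood('Don\'t forget to give the user their registration key, since it was not mailed');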
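## check that the sent form token is correct
if (verifyFormToken('greeting', $tokens) == false) { // verify token
    ifTokenBad('Add comment');
}

$greeting = cleanvar($_POST['greeting']);
$client_id = cleanvar($_POST['cid']);

// NOTE: an empty greeting is allowed; it means the client has no greeting
emptyInput($client_id, 'data not sent');

if (!isID($client_id)) {
    sendBack('Invalid data sent, greeting not changed');
}

## Add Log Message ##
// NOTE(review): the log entry is written before the update runs, so it is recorded even when
// the update below changes nothing.
$comment = 'Greeting message changed';
$dbl->addEchLog('Greeting', $comment, $client_id, $mem->id);

## Query ##
$query = "UPDATE clients SET greeting = ? WHERE id = ? LIMIT 1";
$stmt = $db->mysql->prepare($query) or sendBack('Database Error');
$stmt->bind_param('si', $greeting, $client_id);
$stmt->execute();

// affected_rows is -1 when the statement failed, which is truthy; only a positive count means
// a row was actually changed.
$changed = $stmt->affected_rows > 0;
$stmt->close(); // release the statement before the response is sent

if ($changed) {
    sendGood('Greeting has been updated');
} else {
    sendBack('Greeting was not updated');
}
} else { // belongs to a condition opened before this excerpt
    set_error('Please do not call that page directly, thank you.');
    send('../../index.php');
}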
$rcon_ip = $config['game']['servers'][$i]['rcon_ip'];
$rcon_port = $config['game']['servers'][$i]['rcon_port'];

// PB_SV_UnBanGuid [guid] -- only the GUID is sent with the unban command
$command = "pb_sv_unbanguid " . $pbid;
rcon($rcon_ip, $rcon_port, $rcon_pass, $command); // send the unban command
sleep(1); // sleep for 1 sec in order to give the server some time
$command_upd = "pb_sv_updbanfile"; // we need to update the ban files
rcon($rcon_ip, $rcon_port, $rcon_pass, $command_upd); // send the ban file update command
} // closes the per-server condition opened before this excerpt
$i++;
} // closes the server loop opened before this excerpt
} // closes the block around the loop, opened before this excerpt

// set comment for the edit ban action
if ($duration == 0) {
    $comment = 'Changed ban #' . $ban_id . ' to a permanent ban';
} else {
    $dur_name = array('m' => 'minute', 'h' => 'hour', 'd' => 'day', 'w' => 'week', 'mn' => 'month', 'y' => 'year');
    // NOTE(review): $time is assumed to be one of the keys above; any validation is outside this excerpt
    $comment = 'Changed ban #' . $ban_id . ' to a ' . $duration_form . ' ' . $dur_name[$time] . ' temp ban';
}

## Query ##
// NOTE(review): the log call assigns $result, but the check below reads $results. Unless
// $results is set before this excerpt (for example by the ban update itself), the check always
// takes the 'NO!' branch; in either case the outcome of addEchLog() is never inspected.
$result = $dbl->addEchLog('Edit Ban', $comment, $cid, $mem->id, $game);
if ($results) {
    sendGood('Ban edited');
} else {
    sendBack('NO!');
}
exit;
## For a permanent ban, also send the unban command over RCON ##
if ($type == 'Ban') {
    // PunkBuster ID of the client, looked up from the penalty id
    $pbid = $db->getPBIDfromPID($pen_id);

    // Servers are indexed from 1 in the config array; visit every one that has PB active
    for ($i = 1; $i <= $game_num_srvs; $i++) {
        if ($config['game']['servers'][$i]['pb_active'] != '1') {
            continue;
        }

        // pull this server's RCON details out of the config array
        $server = $config['game']['servers'][$i];
        $rcon_pass = $server['rcon_pass'];
        $rcon_ip = $server['rcon_ip'];
        $rcon_port = $server['rcon_port'];

        // lift the GUID ban, give the server a second, then refresh its ban file
        rcon($rcon_ip, $rcon_port, $rcon_pass, "pb_sv_unbanguid " . $pbid);
        sleep(1);
        rcon($rcon_ip, $rcon_port, $rcon_pass, "pb_sv_updbanfile");
    }
}

// $results is set before this point; report success only when it is truthy
if ($results) {
    sendGood('Penalty has been deactivated');
}
exit;
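// Adds an Echelon comment to a client record.
$auth_name = 'comment';
$b3_conn = true; // this page needs to connect to the B3 database
require '../../inc.php';

if (!isset($_POST['comment-sub'])) { // the form was not submitted: refuse direct page loads
    set_error('Please do not call that page directly');
    send('../../');
}

## check that the sent form token is correct
if (!verifyFormToken('comment', $tokens)) {
    ifTokenBad('Add comment');
}

// Gets vars from form
$cid = cleanvar($_POST['cid']);
$comment = cleanvar($_POST['comment']);

// Check for empties
emptyInput($comment, 'comment');
emptyInput($cid, 'client id not sent');

## Check sent client_id is a number ##
if (!isID($cid)) {
    // this page adds a comment, so the message names the comment rather than a ban
    sendBack('Invalid data sent, comment not added');
}

## Query ##
$result = $dbl->addEchLog('Comment', $comment, $cid, $mem->id, $game);
if ($result) {
    sendGood('Comment added');
} else {
    sendBack('There is a problem, your comment was not added to the database');
}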
// if is AJAX request
echo $data;
} else {
    sendBack('');
} // sendBack with no error
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt

// Automatic refresh: return the chat lines newer than the given id for one table.
// NOTE(review): 'table-num' and 'last-id' are read straight from the query string, without
// isset(), cleanvar() or a numeric check, and the result is echoed as is. Confirm that
// getLastChats() validates both values and encodes the chat text it returns.
if (isset($_GET['auto'])) {
    echo $plugin->getLastChats($_GET['table-num'], $_GET['last-id']);
}

// Settings update: comma-separated table list plus a matching comma-separated list of names.
if (isset($_POST['tables'])) {
    if ($mem->reqLevel('chats_edit_tables')) { // extra perms needed to edit settings
        // NOTE(review): no verifyFormToken() call is visible for this settings change, and the
        // raw POST values are handed to editSettings(). If the table names end up in SQL as
        // identifiers they cannot be bound as parameters, so confirm editSettings() checks them
        // against the tables that exist.
        $tables = $_POST['tables'];
        $names = $_POST['table-names'];
        emptyInput($tables, 'tables');
        emptyInput($names, 'names');

        $num_tables = count(explode(',', $tables));
        $num_names = count(explode(',', $names));
        if ($num_tables != $num_names) {
            sendBack('You need to have the same number of tables listed as you do names');
        }

        $results = $plugin->editSettings($tables, $names);
        if (!$results) {
            sendBack('There was a problem. Maybe the table names you gave us are incorrect.');
        } else {
            sendGood('The chatlog settings have been updated');
        }
    }
}
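## check that the sent form token is correct
if (!verifyFormToken('xlrstats', $tokens)) {
    ifTokenBad('XLRstats Edit');
}

// Gets vars from form
$cid = cleanvar($_POST['cid']);
$name = cleanvar($_POST['fixed-name']);
// 'hidden' is only compared with 'on' below; when the field is not sent at all it counts as off
$hide = isset($_POST['hidden']) ? cleanvar($_POST['hidden']) : '';
$hide = ($hide == 'on') ? 1 : 0;

// NOTE: when the user supplies an empty fixed name, the db will be updated with a blank/NULL
// field, in effect disabling the feature

## Check sent client_id is a number ##
if (!isID($cid)) {
    // this page edits XLRstats data, so the message names that rather than a ban
    sendBack('Invalid data sent, XLRstats information not edited');
}

## LOG Query ##
// NOTE(review): the log entry is written before the update runs, so it is recorded even when
// the update below changes nothing.
$results = $dbl->addEchLog('XLRstats', 'XLRstats information changed', $cid, $mem->id);

## Update XLRstats table ##
$query = "UPDATE xlr_playerstats SET hide = ?, fixed_name = ? WHERE client_id = ? LIMIT 1";
// report a prepare failure through sendBack() like the other responses on this page, instead
// of ending the script with a bare die()
$stmt = $db->mysql->prepare($query) or sendBack('Database Error');
$stmt->bind_param('isi', $hide, $name, $cid);
$stmt->execute();

// affected_rows is -1 on error and 0 when nothing changed; only a positive count is success
if ($stmt->affected_rows > 0) {
    sendGood('XLRstats information edited');
} else {
    sendBack('There is a problem, changes were not saved');
}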
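} // closes a block opened before this excerpt

## Add Echelon Log ##
// NOTE(review): $level and $old_level are assumed to be keys of $b3_groups_name; any check is
// outside this excerpt. The log entry is written before the update runs, so it is recorded
// even when the update below changes nothing.
$level_name = $b3_groups_name[$level];
$old_level_name = $b3_groups_name[$old_level];

if (!$is_mask) {
    $comment = 'User level changed from ' . $old_level_name . ' to ' . $level_name;
} else {
    $comment = 'Mask level changed from ' . $old_level_name . ' to ' . $level_name;
}

$dbl->addEchLog('Level Change', $comment, $client_id, $mem->id);

## Query Section ##
// the column name is chosen from two fixed strings; both values are bound as integers
if (!$is_mask) {
    $query = "UPDATE clients SET group_bits = ? WHERE id = ? LIMIT 1";
} else {
    $query = "UPDATE clients SET mask_level = ? WHERE id = ? LIMIT 1";
}

$stmt = $db->mysql->prepare($query) or sendBack('Database Error');
$stmt->bind_param('ii', $level, $client_id);
$stmt->execute();

$msg_st = $is_mask ? 'Mask' : 'User';

// affected_rows is -1 when the statement failed, which is truthy; only a positive count means
// the level was actually changed.
$changed = $stmt->affected_rows > 0;
$stmt->close(); // release the statement before the response is sent

if ($changed) {
    sendGood($msg_st . ' level has been changed');
} else {
    sendBack($msg_st . ' level was not changed');
}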
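// hash the random string to get the user hash

## run query to add key to the DB ##
// Store the key before mailing it, so a failed insert can never leave the recipient holding a
// key that does not exist in the database.
$add_user = $dbl->addEchKey($user_key, $email, $comment, $group, $mem->id);
if (!$add_user) {
    sendBack('There was a problem adding the key into the database');
}

## email user about the key ##
// The key and the address are placed in a URL inside an HTML attribute: URL-encode each value
// (a raw '+' or '&' in the address would otherwise corrupt the query string), then HTML-escape
// the finished link using the charset declared for this mail.
// NOTE(review): the link is plain http; switch the scheme if the site is served over HTTPS.
$register_url = 'http://' . $_SERVER['SERVER_NAME'] . PATH . 'register.php?key=' . urlencode($user_key) . '&email=' . urlencode($email);

$body = '<html><body>';
$body .= '<h2>Echelon User Key</h2>';
$body .= $config['cosmos']['email_header'];
$body .= 'This is the key you will need to use to register on Echelon. <a href="' . htmlspecialchars($register_url, ENT_QUOTES, 'ISO-8859-1') . '">Register here</a>.<br />';
$body .= 'Registration Key: ' . $user_key;
$body .= $config['cosmos']['email_footer'];
$body .= '</body></html>';

// Fill in the placeholders literally; a regex replacement would interpret "$1" or "\1"
// sequences inside the configured site name as back-references.
$body = str_replace('%ech_name%', $config['cosmos']['name'], $body);
$body = str_replace('%name%', 'new user', $body);

// HTTP_HOST comes from the request's Host header. Keep only characters that can occur in a
// host[:port] value so that nothing else can reach the mail headers.
// NOTE(review): the domain is still chosen by the client; a configured value would be safer.
$mail_host = preg_replace('/[^A-Za-z0-9.\-:\[\]]/', '', $_SERVER['HTTP_HOST']);

$headers = "From: echelon@" . $mail_host . "\r\n";
$headers .= "Reply-To: " . EMAIL . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$subject = "Echelon User Registration";

// send email
// NOTE(review): $email is used as the recipient; it is assumed to have been validated before
// this excerpt.
if (!mail($email, $subject, $body, $headers)) {
    sendBack('There was a problem sending the email.');
}

// all good send back good message
sendGood('Key Setup and Email has been sent to user');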
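# verify token #
if (!verifyFormToken('perm-group-edit', $tokens)) {
    ifTokenBad('Edit Group Permissions');
}

$group_id = cleanvar($_GET['gid']); // get the group to update from the URL

## check numeric id ##
// NOTE(review): is_numeric() also accepts values such as "1.5", "1e3" or "-1"; confirm that
// setGroupPerms() treats the id as an integer.
if (!is_numeric($group_id)) {
    sendBack('Invalid data sent, request aborted');
}

$data = getPostsPerms($_POST);
$perms_list = $dbl->getPermissions(false); // get a full list of all perms (without desc)

// Make sure the accumulator exists before it is appended to (no assignment is visible in this
// excerpt), so the first ".=" does not act on an undefined variable.
if (!isset($list)) {
    $list = '';
}

// Keep the id of every known permission whose name was posted, as a comma-separated list.
foreach ($perms_list as $perm) {
    $perm_id = $perm['id'];
    $perm_name = $perm['name'];
    if (array_key_exists($perm_name, $data)) {
        $list .= $perm_id . ',';
    }
}

// Drop the trailing comma. rtrim() returns '' for an empty list, where substr('', 0, -1)
// returns false before PHP 8 and would pass false on as the permission list.
$perms_new = rtrim($list, ',');

$result = $dbl->setGroupPerms($group_id, $perms_new); // update the DB
if (!$result) {
    sendBack('There was an error updating the database with the new information');
} else {
    sendGood('Everything has been updated and saved successfully');
}
} // closes a block opened before this excerpt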
} else { // belongs to the delete-user result check opened before this excerpt
    sendBack('There is a problem. The user has not been deleted');
}
exit;
} elseif ($_POST['ad-edit-user']) { // admin edit user
    // NOTE(review): $_POST['ad-edit-user'] is read without isset(), so a request that omits it
    // raises an undefined-index notice before reaching the final else branch.

    ## get and clean vars ##
    $username = cleanvar($_POST['username']);
    $display = cleanvar($_POST['display']);
    $email = cleanvar($_POST['email']);
    $group = cleanvar($_POST['group']);
    $id = cleanvar($_POST['id']);

    ## check numeric id ##
    // NOTE(review): is_numeric() also accepts values such as "1.5", "1e3" or "-1"; confirm
    // that editUser() treats the id as an integer.
    if (!is_numeric($id)) {
        sendBack('Invalid data sent, request aborted');
    }

    # verify token #
    if (!verifyFormToken('adedituser', $tokens)) {
        ifTokenBad('Edit Echelon User');
    }

    // NOTE(review): the target user's group is taken from the form and passed straight to
    // editUser(). No check that the submitted group exists, or that the caller may assign it,
    // is visible in this excerpt -- confirm it is enforced elsewhere.
    $result = $dbl->editUser($id, $username, $display, $email, $group);
    if ($result) {
        // NOTE(review): the display name is echoed back inside the success message; confirm
        // it is HTML-escaped where the message is rendered.
        sendGood($display . "'s information has been updated");
    } else {
        sendBack('There is a problem. The user information has not been changed');
    }
    exit;
} else { // no recognised form was posted
    set_error('You cannot view this page directly');
    send('sa.php');
}