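/**
 * Returns whether a URL is in a correct format or not.
 *
 * A missing scheme is defaulted to "http://", the URL is IDNA-encoded via the
 * global $idna_convert, and it is then accepted when it either matches the
 * FQDN pattern below or is "http(s)://<host>[:port][/...]" with a host that
 * passes validate_ip().
 *
 * @param string $url URL to be tested
 * @return bool
 * @author Christian Hoffmann
 * @author Froxlor team <*****@*****.**> (2010-)
 */
function validateUrl($url)
{
    global $idna_convert;

    $lower = strtolower($url);
    if (substr($lower, 0, 7) != "http://" && substr($lower, 0, 8) != "https://") {
        $url = 'http://' . $url;
    }

    // needs converting
    $url = $idna_convert->encode($url);

    $pattern = "/^https?:\\/\\/[a-zA-Z0-9\\-\\.]+\\.[a-zA-Z]{2,4}(\\:[0-9]+)?\\/?(.+)?\$/i";
    if (preg_match($pattern, $url)) {
        return true;
    }

    // not an fqdn - take the host part after the scheme and test it as an IP
    $lower = strtolower($url);
    if (substr($lower, 0, 7) == "http://") {
        $ip = substr($lower, 7);
    } elseif (substr($lower, 0, 8) == "https://") {
        $ip = substr($lower, 8);
    } else {
        return false;
    }

    // only cut at the first slash when there is one: the former unconditional
    // substr($ip, 0, strpos($ip, '/')) produced '' for a URL without a path
    // (e.g. "http://192.0.2.1") and therefore rejected every such URL
    $slash = strpos($ip, '/');
    if ($slash !== false) {
        $ip = substr($ip, 0, $slash);
    }

    // possible : in IP (when a port is given), #1173
    // but only if there actually IS ONE
    // NOTE(review): this also truncates a bracketed IPv6 literal at its first
    // colon - confirm whether validate_ip() is expected to see IPv6 here
    $colon = strpos($ip, ':');
    if ($colon !== false) {
        $ip = substr($ip, 0, $colon);
    }

    return validate_ip($ip, true) !== false;
}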
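/**
 * Returns whether a URL is in a correct format or not.
 *
 * A missing scheme is defaulted to "http://". The URL is accepted when
 * filter_var() validates it, or when it is "http(s)://<host>[/...]" and the
 * host part passes validate_ip().
 *
 * @param string URL to be tested
 *
 * @return bool
 *
 * @author Christian Hoffmann
 */
function validateUrl($url)
{
    $lower = strtolower($url);
    if (substr($lower, 0, 7) != 'http://' && substr($lower, 0, 8) != 'https://') {
        $url = 'http://' . $url;
    }

    // FILTER_FLAG_SCHEME_REQUIRED is implied by FILTER_VALIDATE_URL on
    // current PHP versions; it is kept for the older releases this targets
    if (filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED) !== false) {
        return true;
    }

    // rejected by filter_var - check whether the host part is an IP address
    $lower = strtolower($url);
    if (substr($lower, 0, 7) == 'http://') {
        $ip = substr($lower, 7);
    } elseif (substr($lower, 0, 8) == 'https://') {
        $ip = substr($lower, 8);
    } else {
        return false;
    }

    // only cut at the first slash when there is one: the former unconditional
    // substr($ip, 0, strpos($ip, '/')) produced '' for a URL without a path
    // and so rejected it
    $slash = strpos($ip, '/');
    if ($slash !== false) {
        $ip = substr($ip, 0, $slash);
    }

    return validate_ip($ip, true) !== false;
}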
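/**
 * Returns whether a URL is in a correct format or not.
 *
 * A missing scheme is defaulted to "http://", the URL is IDNA-encoded via the
 * global $idna_convert, and it is then accepted when it either matches the
 * FQDN pattern below or is "http(s)://<host>[/...]" with a host that passes
 * validate_ip().
 *
 * @param string $url URL to be tested
 * @return bool
 * @author Christian Hoffmann
 */
function validateUrl($url)
{
    global $idna_convert;

    $lower = strtolower($url);
    if (substr($lower, 0, 7) != "http://" && substr($lower, 0, 8) != "https://") {
        $url = 'http://' . $url;
    }

    // needs converting
    $url = $idna_convert->encode($url);

    $pattern = "/^https?:\\/\\/[a-zA-Z0-9\\-\\.]+\\.[a-zA-Z]{2,4}(\\:[0-9]+)?\\/?(.+)?\$/i";
    if (preg_match($pattern, $url)) {
        return true;
    }

    // not an fqdn - take the host part after the scheme and test it as an IP
    $lower = strtolower($url);
    if (substr($lower, 0, 7) == "http://") {
        $ip = substr($lower, 7);
    } elseif (substr($lower, 0, 8) == "https://") {
        $ip = substr($lower, 8);
    } else {
        return false;
    }

    // only cut at the first slash when there is one: the former unconditional
    // substr($ip, 0, strpos($ip, '/')) produced '' for a URL without a path
    // (e.g. "http://192.0.2.1") and therefore rejected every such URL
    $slash = strpos($ip, '/');
    if ($slash !== false) {
        $ip = substr($ip, 0, $slash);
    }

    return validate_ip($ip, true) !== false;
}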
/**
 * This file is part of the SysCP project.
 * Copyright (c) 2003-2009 the SysCP Team (see authors).
 *
 * For the full copyright and license information, please view the COPYING
 * file that was distributed with this source code. You can also view the
 * COPYING file online at http://files.syscp.org/misc/COPYING.txt
 *
 * @copyright (c) the authors
 * @author Florian Lippert <*****@*****.**>
 * @license GPLv2 http://files.syscp.org/misc/COPYING.txt
 *
 * @version $Id$
 */

/**
 * Plausibility check for the "mysql access host" form field.
 *
 * $newfieldvalue is a comma-separated list; each trimmed entry has to be an
 * IP address (validate_ip), a domain (validateDomain) or the MySQL wildcard
 * '%'. The remaining parameters are part of the form-field check interface
 * and are not used here.
 *
 * @return array array(FORMFIELDS_PLAUSIBILITY_CHECK_OK) when every entry is
 *               accepted, otherwise
 *               array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'invalidmysqlhost', <entry>)
 *               for the first entry none of the checks accepts
 */
function checkMysqlAccessHost($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
{
    foreach (explode(',', $newfieldvalue) as $rawEntry) {
        $entry = trim($rawEntry);
        // same order as before: IP first, then domain, then the wildcard
        $accepted = validate_ip($entry, true) != false
            || validateDomain($entry) != false
            || $entry == '%';
        if (!$accepted) {
            return array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'invalidmysqlhost', $entry);
        }
    }

    return array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);
}
/**
 * Returns the first value that passes validate_ip() from the forwarding
 * request headers, or "" when none carries one.
 *
 * The headers are consulted in this order: X-Forwarded-For, X-Forwarded,
 * Forwarded-For, Forwarded, Client-IP, X-Cluster-Client-IP. A header may hold
 * a comma-separated list; every entry is trimmed before being checked.
 *
 * NOTE(review): these headers are supplied by the client or by intermediate
 * proxies, so the result is only meaningful when a proxy you control sets
 * them; it must not be used on its own for access decisions.
 *
 * @return string
 */
function forwarded_ip()
{
    $headerKeys = array(
        "HTTP_X_FORWARDED_FOR",
        "HTTP_X_FORWARDED",
        "HTTP_FORWARDED_FOR",
        "HTTP_FORWARDED",
        "HTTP_CLIENT_IP",
        "HTTP_X_CLUSTER_CLIENT_IP",
    );

    foreach ($headerKeys as $headerKey) {
        if (!isset($_SERVER[$headerKey])) {
            continue;
        }
        foreach (explode(",", $_SERVER[$headerKey]) as $candidate) {
            $candidate = trim($candidate);
            if (validate_ip($candidate)) {
                return $candidate;
            }
        }
    }

    return "";
}
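/**
 * Returns the first value that passes validate_ip() from the forwarding
 * request headers, or '' when none carries one.
 *
 * The headers are consulted in this order: X-Forwarded-For, X-Forwarded,
 * Forwarded-For, Forwarded, Client-IP, X-Cluster-Client-IP. A header may hold
 * a comma-separated list; every entry is trimmed before being checked.
 *
 * NOTE(review): these headers are supplied by the client or by intermediate
 * proxies, so the result is only meaningful when a proxy you control sets
 * them; it must not be used on its own for access decisions.
 *
 * @return string
 */
function forwarded_ip()
{
    // PHP exposes request headers in $_SERVER with '-' turned into '_', so the
    // former key 'HTTP_X_CLUSTER_CLIENT-IP' could never match; fixed below
    $keys = array(
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'HTTP_CLIENT_IP',
        'HTTP_X_CLUSTER_CLIENT_IP',
    );

    foreach ($keys as $key) {
        if (!isset($_SERVER[$key])) {
            continue;
        }
        foreach (explode(',', $_SERVER[$key]) as $ip) {
            $ip = trim($ip);
            if (validate_ip($ip)) {
                return $ip;
            }
        }
    }

    return '';
}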
/**
 * Returns the client IP address as seen through proxy headers.
 *
 * Walks HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED,
 * HTTP_X_CLUSTER_CLIENT_IP, HTTP_FORWARDED_FOR, HTTP_FORWARDED and
 * REMOTE_ADDR in that order, splits each present value on ',' and returns the
 * first trimmed entry that validate_ip() accepts. Falls back to REMOTE_ADDR
 * even when it did not validate, and to false when REMOTE_ADDR is unset.
 *
 * NOTE(review): every key except REMOTE_ADDR is client-controlled; the value
 * is only trustworthy behind a proxy you control.
 *
 * @return string|false
 */
public function getIpAddress1()
{
    $candidateKeys = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_X_CLUSTER_CLIENT_IP',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );

    foreach ($candidateKeys as $candidateKey) {
        if (array_key_exists($candidateKey, $_SERVER) !== true) {
            continue;
        }
        $entries = explode(',', $_SERVER[$candidateKey]);
        foreach ($entries as $entry) {
            // trim for safety measures, then attempt to validate
            $entry = trim($entry);
            if (validate_ip($entry)) {
                return $entry;
            }
        }
    }

    if (isset($_SERVER['REMOTE_ADDR'])) {
        return $_SERVER['REMOTE_ADDR'];
    }
    return false;
}
/**
 * Returns the client IP address as seen through proxy headers.
 *
 * Walks HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED,
 * HTTP_X_CLUSTER_CLIENT_IP, HTTP_FORWARDED_FOR, HTTP_FORWARDED and
 * REMOTE_ADDR in that order, splits each present value on ',' and returns the
 * first trimmed entry that validate_ip() accepts. Falls back to REMOTE_ADDR
 * even when it did not validate, and to false when REMOTE_ADDR is unset.
 *
 * NOTE(review): every key except REMOTE_ADDR is client-controlled; the value
 * is only trustworthy behind a proxy you control.
 *
 * @return string|false
 */
function get_ip_address()
{
    $headerKeys = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_X_CLUSTER_CLIENT_IP',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );

    foreach ($headerKeys as $headerKey) {
        if (!array_key_exists($headerKey, $_SERVER)) {
            continue;
        }
        foreach (explode(',', $_SERVER[$headerKey]) as $candidate) {
            // trim for safety measures, then attempt to validate
            $candidate = trim($candidate);
            if (validate_ip($candidate)) {
                return $candidate;
            }
        }
    }

    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : false;
}
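/**
 * Returns the client IP address as seen through proxy headers.
 *
 * Order of preference: HTTP_CLIENT_IP, the first validating entry of the
 * comma-separated HTTP_X_FORWARDED_FOR, then HTTP_X_FORWARDED,
 * HTTP_X_CLUSTER_CLIENT_IP, HTTP_FORWARDED_FOR and HTTP_FORWARDED. Each value
 * must pass validate_ip(). When nothing validates, REMOTE_ADDR is returned
 * as-is (null when it is unset).
 *
 * The former implementation echoed REMOTE_ADDR to the output before returning
 * it - a debug leftover that leaked the address into the response body and
 * would break any header() call made afterwards; that echo is removed.
 *
 * NOTE(review): every header except REMOTE_ADDR is client-controlled; the
 * value is only trustworthy behind a proxy you control.
 *
 * @return string|null
 */
function get_ip_address()
{
    // check for shared internet/ISP IP
    if (!empty($_SERVER['HTTP_CLIENT_IP']) && validate_ip($_SERVER['HTTP_CLIENT_IP'])) {
        return $_SERVER['HTTP_CLIENT_IP'];
    }

    // check for IPs passing through proxies; the header may hold a
    // comma-separated chain, so each entry is trimmed and tested in turn
    // (a single address is just a one-element chain)
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        foreach (explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']) as $candidate) {
            $candidate = trim($candidate);
            if (validate_ip($candidate)) {
                return $candidate;
            }
        }
    }

    $singleValueKeys = array(
        'HTTP_X_FORWARDED',
        'HTTP_X_CLUSTER_CLIENT_IP',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
    );
    foreach ($singleValueKeys as $key) {
        if (!empty($_SERVER[$key]) && validate_ip($_SERVER[$key])) {
            return $_SERVER[$key];
        }
    }

    // return unreliable ip since all else failed
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
}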
/**
 * xajax handler that adds a ban (type 0 = SteamID, type 1 = IP).
 *
 * Flow: access check (ADMIN_OWNER | ADMIN_ADD_BAN) -> input validation, with
 * messages pushed into the "steam.msg" / "ip.msg" elements -> duplicate and
 * immunity checks -> INSERT into the _bans table (and _demos when a demo is
 * attached) -> optional acceptance mail for a submission -> response script.
 *
 * Every early return hands back the partially filled $objResponse.
 *
 * @param string $nickname player name, run through RemoveCode()
 * @param int    $type     0 for a SteamID ban, 1 for an IP ban
 * @param string $steam    SteamID or numeric Community ID (converted via FriendIDToSteamID)
 * @param string $ip       IP address, reduced to digits and dots before storage
 * @param int    $length   ban length in minutes; 0/empty means permanent
 * @param string $dfile    stored demo filename (optional)
 * @param string $dname    original demo filename (optional)
 * @param string $reason   ban reason, run through RemoveCode()
 * @param int    $fromsub  submission id this ban was accepted from (optional)
 * @return xajaxResponse
 */
function AddBan($nickname, $type, $steam, $ip, $length, $dfile, $dname, $reason, $fromsub)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;
    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Ошибка доступа", $username . " пытался добавить бан, не имея на то прав.");
        return $objResponse;
    }
    $steam = trim($steam);
    $error = 0;
    // If they didnt type a steamid
    if (empty($steam) && $type == 0) {
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "Введите Steam ID или Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } else {
        // NOTE(review): && binds tighter than ||, so this reads as
        // (type 0 and non-numeric and invalid) OR (numeric and (short or invalid
        // after FriendIDToSteamID)); the numeric half applies regardless of $type
        // and assigns the converted id back into $steam - confirm intended
        if ($type == 0 && !is_numeric($steam) && !validate_steam($steam) || is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam)))) {
            $error++;
            $objResponse->addAssign("steam.msg", "innerHTML", "Введите действительный Steam ID или Community ID");
            $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
        } else {
            if (empty($ip) && $type == 1) {
                $error++;
                $objResponse->addAssign("ip.msg", "innerHTML", "Введите IP");
                $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
            } else {
                if ($type == 1 && !validate_ip($ip)) {
                    $error++;
                    $objResponse->addAssign("ip.msg", "innerHTML", "Введите действительный IP");
                    $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
                } else {
                    // all inputs accepted: clear both message boxes
                    $objResponse->addAssign("steam.msg", "innerHTML", "");
                    $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
                    $objResponse->addAssign("ip.msg", "innerHTML", "");
                    $objResponse->addScript("\$('ip.msg').setStyle('display', 'none');");
                }
            }
        }
    }
    if ($error > 0) {
        return $objResponse;
    }
    $nickname = RemoveCode($nickname);
    // strip ip of all but numbers and dots; validate_ip() has accepted it above,
    // so this doubles as the guarantee that $ip is safe to interpolate into the
    // JS strings below. NOTE(review): an IPv6 address would be mangled here -
    // confirm validate_ip() only accepts IPv4 in this project
    $ip = preg_replace('#[^\\d\\.]#', '', $ip);
    $dname = RemoveCode($dname);
    $reason = RemoveCode($reason);
    if (!$length) {
        $len = 0;
    } else {
        $len = $length * 60;
    }
    // prune any old bans
    PruneBans();
    if ((int) $type == 0) {
        // Check if the new steamid is already banned
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '0'", array($steam));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Ошибка', 'SteamID: {$steam} уже забанен.', 'red', '');");
            return $objResponse;
        }
        // Check if player is immune
        $admchk = $userbank->GetAllAdmins();
        foreach ($admchk as $admin) {
            if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
                // NOTE(review): $admin['user'] is placed unescaped inside a JS
                // string literal; a quote in an admin name would break out of it
                $objResponse->addScript("ShowBox('Ошибка', 'SteamID админа " . $admin['user'] . " ({$steam}) под иммунитетом.', 'red', '');");
                return $objResponse;
            }
        }
    }
    if ((int) $type == 1) {
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE ip = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '1'", array($ip));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Ошибка', 'Этот IP ({$ip}) уже забанен.', 'red', '');");
            return $objResponse;
        }
    }
    // ends = now + length*60 regardless of $len; length column gets $len (0 when permanent)
    $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
    $GLOBALS['db']->Execute($pre, array($type, $ip, $steam, $nickname, $length * 60, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    $subid = $GLOBALS['db']->Insert_ID();
    if ($dname && $dfile) {
        $GLOBALS['db']->Execute("INSERT INTO " . DB_PREFIX . "_demos(demid,demtype,filename,origname)\r\n\t\t\t\t\t\t VALUES(?,'B', ?, ?)", array((int) $subid, $dfile, $dname));
    }
    if ($fromsub) {
        // subid is cast to int before concatenation, which keeps this literal safe
        $submail = $GLOBALS['db']->Execute("SELECT name, email FROM " . DB_PREFIX . "_submissions WHERE subid = '" . (int) $fromsub . "'");
        // Send an email when ban is accepted
        // NOTE(review): the From: address and the link are built from the Host
        // header, which the requesting client controls; a fixed configured
        // hostname would make the mailed link trustworthy
        $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], ".php") + 4);
        $headers = 'From: submission@' . $_SERVER['HTTP_HOST'] . "\n" . 'X-Mailer: PHP/' . phpversion();
        $message = "Привет,\n";
        $message .= "Ваша заявка на бан подтверждена админом.\nПерейдите по ссылке, чтобы посмотреть банлист.\n\nhttp://" . $_SERVER['HTTP_HOST'] . $requri . "?p=banlist";
        mail($submail->fields['email'], "[SourceBans] Бан добавлен", $message, $headers);
        // archivedby is concatenated, not bound; GetAid() is presumably numeric - confirm
        $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '2', archivedby = '" . $userbank->GetAid() . "' WHERE subid = '" . (int) $fromsub . "'");
    }
    $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '3', archivedby = '" . $userbank->GetAid() . "' WHERE SteamId = ?;", array($steam));
    $kickit = isset($GLOBALS['config']['config.enablekickit']) && $GLOBALS['config']['config.enablekickit'] == "1";
    if ($kickit) {
        $objResponse->addScript("ShowKickBox('" . ((int) $type == 0 ? $steam : $ip) . "', '" . (int) $type . "');");
    } else {
        $objResponse->addScript("ShowBox('Бан добавлен', 'Бан успешно добавлен', 'green', 'index.php?p=admin&c=bans');");
    }
    $objResponse->addScript("TabToReload();");
    // NOTE(review): "срок:" repeats {$reason}; {$length} was presumably meant - confirm
    $log = new CSystemLog("m", "Бан добавлен", "Бан против (" . ((int) $type == 0 ? $steam : $ip) . ") был добавлен, причина: {$reason}, срок: {$reason}, length: {$length}", true, $kickit);
    return $objResponse;
}
$SID = -1; } else { $SteamID = trim(htmlspecialchars($_POST['SteamID'])); $BanIP = trim(htmlspecialchars($_POST['BanIP'])); $PlayerName = htmlspecialchars($_POST['PlayerName']); $BanReason = htmlspecialchars($_POST['BanReason']); $SubmitterName = htmlspecialchars($_POST['SubmitName']); $Email = trim(htmlspecialchars($_POST['EmailAddr'])); $SID = (int) $_POST['server']; $validsubmit = true; $errors = ""; if (strlen($SteamID) != 0 && $SteamID != "STEAM_0:" && !validate_steam($SteamID)) { $errors .= '* Please type a valid STEAM ID.<br>'; $validsubmit = false; } if (strlen($BanIP) != 0 && !validate_ip($BanIP)) { $errors .= '* Please type a valid IP-address.<br>'; $validsubmit = false; } if (strlen($PlayerName) == 0) { $errors .= '* You must include a player name<br>'; $validsubmit = false; } if (strlen($BanReason) == 0) { $errors .= '* You must include comments<br>'; $validsubmit = false; } if (!check_email($Email)) { $errors .= '* You must include a valid email address<br>'; $validsubmit = false; }
// Installer step: connect with the unprivileged account, import the schema
// and write the initial settings. $mysql_*, $servername, $serverip, $dbversion,
// $languages, $language, $mysql_access_host, $webserver and $lng come from the
// surrounding installer script.
status_message('begin', $lng['install']['testing_new_db']);
$db = new db($mysql_host, $mysql_unpriv_user, $mysql_unpriv_pass, $mysql_database);
status_message('green', 'OK');
status_message('begin', $lng['install']['importing_data']);
$db_schema = './syscp.sql';
// NOTE(review): the second argument of file_get_contents() is use_include_path
// (a bool); 'r' looks like an fopen() mode left over and is simply truthy. The
// '@' also hides a missing schema file, in which case remove_remarks() receives
// false and the import silently does nothing.
$sql_query = @file_get_contents($db_schema, 'r');
$sql_query = remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, ';');
// run every non-empty statement of the schema; $result is not inspected
for ($i = 0; $i < sizeof($sql_query); ++$i) {
    if (trim($sql_query[$i]) != '') {
        $result = $db->query($sql_query[$i]);
    }
}
status_message('green', 'OK');
status_message('begin', 'System Servername...');
// an IP address as SERVER_NAME is reported as a warning, not an error
if (validate_ip($_SERVER['SERVER_NAME'], true) !== false) {
    status_message('red', $lng['install']['servername_should_be_fqdn']);
} else {
    status_message('green', 'OK');
}
//now let's change the settings in our settings-table
// every value is passed through $db->escape() before concatenation
status_message('begin', $lng['install']['changing_data']);
$db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = 'admin@" . $db->escape($servername) . "' WHERE `settinggroup` = 'panel' AND `varname` = 'adminmail'");
$db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($serverip) . "' WHERE `settinggroup` = 'system' AND `varname` = 'ipaddress'");
$db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($servername) . "' WHERE `settinggroup` = 'system' AND `varname` = 'hostname'");
$db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($dbversion) . "' WHERE `settinggroup` = 'system' AND `varname` = 'dbversion'");
$db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($languages[$language]) . "' WHERE `settinggroup` = 'panel' AND `varname` = 'standardlanguage'");
$db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($mysql_access_host) . "' WHERE `settinggroup` = 'system' AND `varname` = 'mysql_access_host'");
$db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($webserver) . "' WHERE `settinggroup` = 'system' AND `varname` = 'webserver'");
// the webserver update is issued a second time; it is idempotent, but see FIXME
$db->query('UPDATE `' . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($webserver) . "' WHERE `settinggroup` = 'system' AND `varname` = 'webserver'");
//FIXME
/**
 * Stores the ALLOW-AXFR-FROM metadata rows of one PowerDNS domain.
 *
 * One `domainmetadata` row is inserted for every IP of every nameserver in
 * $this->_ns and for every entry of $this->_axfr that validate_ip() accepts;
 * entries that fail validation are skipped without notice. Nothing is
 * inserted when both lists are empty (the statement is still prepared).
 *
 * @param int $domainid PowerDNS domain id the rows belong to
 */
private function _insertAllowedTransfers($domainid)
{
    $insert = $this->pdns_db->prepare("\n\t\t\tINSERT INTO domainmetadata set `domain_id` = :did, `kind` = 'ALLOW-AXFR-FROM', `content` = :value\n\t\t");
    $row = array('did' => $domainid);

    if (count($this->_ns) == 0 && count($this->_axfr) == 0) {
        return;
    }

    // put nameservers in allow-transfer
    foreach ($this->_ns as $nameserver) {
        foreach ($nameserver["ips"] as $address) {
            $row['value'] = $address;
            $insert->execute($row);
        }
    }

    // AXFR server #100 - only syntactically valid addresses are written
    foreach ($this->_axfr as $axfrserver) {
        if (validate_ip($axfrserver, true) === false) {
            continue;
        }
        $row['value'] = $axfrserver;
        $insert->execute($row);
    }
}
if (strlen($_POST['password']) > 100) { $errors[] = 'Your password must be less than 100 characters.'; } if ($_POST['password'] !== $_POST['password_again']) { $errors[] = 'Your passwords do not match.'; } if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'A valid email address is required.'; } if (user_email_exist($_POST['email']) === true) { $errors[] = 'That email address is already in use.'; } if ($_POST['selected'] != 1) { $errors[] = 'You are only allowed to have an account if you accept the rules.'; } if (validate_ip(getIP()) === false && $config['validate_IP'] === true) { $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).'; } } } ?> <h1>Register Account</h1> <?php if (isset($_GET['success']) && empty($_GET['success'])) { if ($config['mailserver']['register']) { ?> <h1>Email authentication required</h1> <p>We have sent you an email with an activation link to your submitted email address.</p> <p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p> <?php } else {
/**
 * Builds the named.conf zone stanza for one domain.
 *
 * Produces a 'zone "<domain>" in { type master; file "<path>"; allow-query
 * { any; }; }' block whose file path is
 * Settings::Get('system.bindconf_directory') . '/' . $domain['zonefile'] run
 * through makeCorrectFile(). When nameservers or AXFR servers are configured
 * an allow-transfer list is added holding every nameserver IP and every AXFR
 * server that passes validate_ip(); failing AXFR entries are dropped silently.
 *
 * NOTE(review): the source text was garbled around the CustomerLogin part of
 * the header comment; it is reconstructed here as $domain['loginname'] -
 * confirm against the repository.
 *
 * @param array $domain domain row; id, customerid, loginname, domain and
 *                      zonefile are read
 * @return string configuration text, terminated by a blank line
 */
private function _generateDomainConfig($domain = array())
{
    $zonePath = makeCorrectFile(Settings::Get('system.bindconf_directory') . '/' . $domain['zonefile']);

    $lines = array(
        '# Domain ID: ' . $domain['id'] . ' - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'],
        'zone "' . $domain['domain'] . '" in {',
        ' type master;',
        ' file "' . $zonePath . '";',
        ' allow-query { any; };',
    );

    $hasNameservers = count($this->nameservers) > 0;
    $hasAxfrServers = count($this->axfrservers) > 0;
    if ($hasNameservers || $hasAxfrServers) {
        // open allow-transfer
        $lines[] = ' allow-transfer {';
        // put nameservers in allow-transfer
        foreach ($this->nameservers as $nameserver) {
            $lines[] = ' ' . $nameserver['ip'] . ';';
        }
        // AXFR server #100
        foreach ($this->axfrservers as $axfrserver) {
            if (validate_ip($axfrserver, true) !== false) {
                $lines[] = ' ' . $axfrserver . ';';
            }
        }
        // close allow-transfer
        $lines[] = ' };';
    }

    $lines[] = '};';

    return implode("\n", $lines) . "\n\n";
}
// Using nameserver, insert a task which rebuilds the server config inserttask('4'); redirectTo($filename, array('page' => $page, 's' => $s)); } } else { $ipsandports_add_data = (include_once dirname(__FILE__) . '/lib/formfields/admin/formfield.ipsandports.php'); $ipsandports_add_form = HTMLform2::genHTMLForm($ipsandports_add_data); $title = $lng['admin']['ipsandports']['add']; eval("echo \"" . getTemplate("ipsandports/ipsandports_add") . "\";"); } } elseif ($action == 'edit' && $id != 0) { $result_stmt = Database::prepare("\n\t\t\tSELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :id"); $result = Database::pexecute_first($result_stmt, array('id' => $id)); if ($result['ip'] != '') { if (isset($_POST['send']) && $_POST['send'] == 'send') { $ip = validate_ip($_POST['ip']); $port = validate($_POST['port'], 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array('stringisempty', 'myport')); $listen_statement = isset($_POST['listen_statement']) ? 1 : 0; $namevirtualhost_statement = isset($_POST['namevirtualhost_statement']) ? 1 : 0; $vhostcontainer = isset($_POST['vhostcontainer']) ? 1 : 0; $specialsettings = validate(str_replace("\r\n", "\n", $_POST['specialsettings']), 'specialsettings', '/^[^\\0]*$/'); $vhostcontainer_servername_statement = isset($_POST['vhostcontainer_servername_statement']) ? 1 : 0; $default_vhostconf_domain = validate(str_replace("\r\n", "\n", $_POST['default_vhostconf_domain']), 'default_vhostconf_domain', '/^[^\\0]*$/'); $docroot = validate($_POST['docroot'], 'docroot'); $result_checkfordouble_stmt = Database::prepare("\n\t\t\t\t\tSELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . 
"`\n\t\t\t\t\tWHERE `ip` = :ip AND `port` = :port"); $result_checkfordouble = Database::pexecute_first($result_checkfordouble_stmt, array('ip' => $ip, 'port' => $port)); $result_sameipotherport_stmt = Database::prepare("\n\t\t\t\t\tSELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`\n\t\t\t\t\tWHERE `ip` = :ip AND `id` <> :id"); $result_sameipotherport = Database::pexecute_first($result_sameipotherport_stmt, array('ip' => $ip, 'id' => $id)); if ((int) Settings::Get('system.use_ssl') == 1 && isset($_POST['ssl']) && $_POST['ssl'] != 0) { $ssl = 1; $ssl_cert_file = validate($_POST['ssl_cert_file'], 'ssl_cert_file');
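/**
 * Validates $var against the T_ZBX_* type $type and reports problems via info().
 *
 * Arrays (except for T_ZBX_IP) are validated element by element and the
 * results are OR-ed together. For a scalar, a failed check reports
 * "Critical error. ..." and returns ZBX_VALID_ERROR when P_SYS is set in
 * $flags, otherwise "Warning. ..." and ZBX_VALID_WARNING (the multibyte check
 * returns ZBX_VALID_ERROR in both cases). A type that matches no branch is
 * accepted.
 *
 * Fix: the multibyte check compared zbx_strlen($var) with itself and could
 * never fire; it now compares the byte length with the character length, as
 * the rest of the code base does.
 *
 * @param string      $field   field name used in messages (by reference, not modified)
 * @param int         $flags   P_SYS selects error over warning
 * @param mixed       $var     value to check; reset to 'FFFFFF' for an invalid T_ZBX_CLR
 * @param int         $type    one of the T_ZBX_* constants
 * @param string|null $caption display name; defaults to $field. Only the
 *                             T_ZBX_CLR warning uses it, all other messages use $field
 * @return int ZBX_VALID_OK, ZBX_VALID_WARNING or ZBX_VALID_ERROR
 */
function check_type(&$field, $flags, &$var, $type, $caption = null)
{
    if (is_null($caption)) {
        $caption = $field;
    }

    if (is_array($var) && $type != T_ZBX_IP) {
        $err = ZBX_VALID_OK;
        foreach ($var as $el) {
            $err |= check_type($field, $flags, $el, $type);
        }
        return $err;
    }

    if ($type == T_ZBX_IP) {
        if (!validate_ip($var, $arr)) {
            if ($flags & P_SYS) {
                info(_s('Critical error. Field "%1$s" is not IP.', $field));
                return ZBX_VALID_ERROR;
            } else {
                info(_s('Warning. Field "%1$s" is not IP.', $field));
                return ZBX_VALID_WARNING;
            }
        }
        return ZBX_VALID_OK;
    }

    if ($type == T_ZBX_IP_RANGE) {
        if (!validate_ip_range($var)) {
            if ($flags & P_SYS) {
                info(_s('Critical error. Field "%1$s" is not IP range.', $field));
                return ZBX_VALID_ERROR;
            } else {
                info(_s('Warning. Field "%1$s" is not IP range.', $field));
                return ZBX_VALID_WARNING;
            }
        }
        return ZBX_VALID_OK;
    }

    if ($type == T_ZBX_INT_RANGE) {
        if (!is_int_range($var)) {
            if ($flags & P_SYS) {
                info(_s('Critical error. Field "%1$s" is not integer list or range.', $field));
                return ZBX_VALID_ERROR;
            } else {
                info(_s('Warning. Field "%1$s" is not integer list or range.', $field));
                return ZBX_VALID_WARNING;
            }
        }
        return ZBX_VALID_OK;
    }

    if ($type == T_ZBX_INT && !zbx_is_int($var)) {
        if ($flags & P_SYS) {
            info(_s('Critical error. Field "%1$s" is not integer.', $field));
            return ZBX_VALID_ERROR;
        } else {
            info(_s('Warning. Field "%1$s" is not integer.', $field));
            return ZBX_VALID_WARNING;
        }
    }

    if ($type == T_ZBX_DBL && !is_numeric($var)) {
        if ($flags & P_SYS) {
            info(_s('Critical error. Field "%1$s" is not decimal number.', $field));
            return ZBX_VALID_ERROR;
        } else {
            info(_s('Warning. Field "%1$s" is not decimal number.', $field));
            return ZBX_VALID_WARNING;
        }
    }

    if ($type == T_ZBX_STR && !is_string($var)) {
        if ($flags & P_SYS) {
            info(_s('Critical error. Field "%1$s" is not string.', $field));
            return ZBX_VALID_ERROR;
        } else {
            info(_s('Warning. Field "%1$s" is not string.', $field));
            return ZBX_VALID_WARNING;
        }
    }

    // byte length differing from character length means multibyte characters
    // are present; only enforced when ZBX_ALLOW_UNICODE is not defined
    if ($type == T_ZBX_STR && !defined('ZBX_ALLOW_UNICODE') && strlen($var) != zbx_strlen($var)) {
        if ($flags & P_SYS) {
            info(_s('Critical error. Field "%1$s" contains Multibyte chars.', $field));
            return ZBX_VALID_ERROR;
        } else {
            // kept as in the original: restricted characters are an error even
            // without P_SYS
            info(_s('Warning. Field "%1$s" multibyte chars are restricted.', $field));
            return ZBX_VALID_ERROR;
        }
    }

    if ($type == T_ZBX_CLR && !is_hex_color($var)) {
        // reset the caller's value to a safe default before reporting
        $var = 'FFFFFF';
        if ($flags & P_SYS) {
            info(_s('Critical error. Field "%1$s" is not a colour.', $field));
            return ZBX_VALID_ERROR;
        } else {
            info(_s('Warning. Field "%1$s" is not a colour.', $caption));
            return ZBX_VALID_WARNING;
        }
    }

    return ZBX_VALID_OK;
}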
popup_error(sprintf(_("Unknown server '%s'"), $_REQUEST['server'])); redirect(); } $_SESSION['service']->server_set_fqdn($_REQUEST['server'], $_REQUEST['fqdn']); popup_info(sprintf(_("Server '%s' successfully modified"), $server->fqdn)); redirect('servers.php?action=manage&id=' . $server->id); } } if ($_REQUEST['action'] == 'external_name') { if (!isset($_REQUEST['server'])) { redirect(); } if (!isset($_REQUEST['external_name']) || strlen($_REQUEST['external_name']) == 0) { $external_name = null; } else { if (!validate_ip($_REQUEST['external_name']) && !validate_fqdn($_REQUEST['external_name'])) { popup_error(sprintf(_("Redirection name \"%s\" is invalid"), $_REQUEST['external_name'])); redirect(); } $external_name = $_REQUEST['external_name']; } $server = $_SESSION['service']->server_info($_REQUEST['server']); if (!is_object($server)) { popup_error(sprintf(_("Unknown server '%s'"), $_REQUEST['server'])); redirect(); } if ($external_name !== null) { $_SESSION['service']->server_set_external_name($_REQUEST['server'], $external_name); } else { $_SESSION['service']->server_unset_external_name($_REQUEST['server']); }
/**
 * Validates $var against the T_ZBX_* type $type and reports a single message.
 *
 * Arrays (except for T_ZBX_IP) are validated element by element, the results
 * OR-ed together; $caption is not forwarded on recursion. For a scalar the
 * first failing check sets $message; with P_SYS in $flags it is reported via
 * error() and ZBX_VALID_ERROR returned, otherwise via info() with
 * ZBX_VALID_WARNING. A type that matches no branch is accepted.
 *
 * @param string      $field   field name (by reference, not modified here)
 * @param int         $flags   P_SYS selects error over warning
 * @param mixed       $var     value to check; reset to 'FFFFFF' for an invalid T_ZBX_CLR
 * @param int         $type    one of the T_ZBX_* constants
 * @param string|null $caption name used in messages; defaults to $field
 * @return int ZBX_VALID_OK, ZBX_VALID_WARNING or ZBX_VALID_ERROR
 */
function check_type(&$field, $flags, &$var, $type, $caption = null)
{
    if ($caption === null) {
        $caption = $field;
    }
    if (is_array($var) && $type != T_ZBX_IP) {
        $err = ZBX_VALID_OK;
        foreach ($var as $v) {
            $err |= check_type($field, $flags, $v, $type);
        }
        return $err;
    }
    $error = false;
    $message = '';
    if ($type == T_ZBX_IP) {
        if (!validate_ip($var, $arr)) {
            $error = true;
            $message = _s('Field "%1$s" is not IP.', $caption);
        }
    } elseif ($type == T_ZBX_IP_RANGE) {
        if (!validate_ip_range($var)) {
            $error = true;
            $message = _s('Field "%1$s" is not IP range.', $caption);
        }
    } elseif ($type == T_ZBX_INT_RANGE) {
        if (!is_int_range($var)) {
            $error = true;
            $message = _s('Field "%1$s" is not integer list or range.', $caption);
        }
    } elseif ($type == T_ZBX_INT) {
        if (!zbx_is_int($var)) {
            $error = true;
            $message = _s('Field "%1$s" is not integer.', $caption);
        }
    } elseif ($type == T_ZBX_DBL) {
        // at most 16 significant digits, 4 of them after the decimal point
        $decimalValidator = new CDecimalValidator(array('maxPrecision' => 16, 'maxScale' => 4, 'messageInvalid' => _('Value "%2$s" of "%1$s" has incorrect decimal format.'), 'messagePrecision' => _('Value "%2$s" of "%1$s" is too long: it cannot have more than %3$s digits before the decimal point ' . 'and more than %4$s digits after the decimal point.'), 'messageNatural' => _('Value "%2$s" of "%1$s" has too many digits before the decimal point: ' . 'it cannot have more than %3$s digits.'), 'messageScale' => _('Value "%2$s" of "%1$s" has too many digits after the decimal point: ' . 'it cannot have more than %3$s digits.')));
        $decimalValidator->setObjectName($caption);
        if (!$decimalValidator->validate($var)) {
            $error = true;
            $message = $decimalValidator->getError();
        }
    } elseif ($type == T_ZBX_DBL_BIG) {
        // no precision limit, still at most 4 digits after the decimal point
        $decimalValidator = new CDecimalValidator(array('maxScale' => 4, 'messageInvalid' => _('Value "%2$s" of "%1$s" has incorrect decimal format.'), 'messageScale' => _('Value "%2$s" of "%1$s" has too many digits after the decimal point: ' . 'it cannot have more than %3$s digits.')));
        $decimalValidator->setObjectName($caption);
        if (!$decimalValidator->validate($var)) {
            $error = true;
            $message = $decimalValidator->getError();
        }
    } elseif ($type == T_ZBX_DBL_STR) {
        $decimalStringValidator = new CDecimalStringValidator(array('messageInvalid' => _('Value "%2$s" of "%1$s" has incorrect decimal format.')));
        $decimalStringValidator->setObjectName($caption);
        if (!$decimalStringValidator->validate($var)) {
            $error = true;
            $message = $decimalStringValidator->getError();
        }
    } elseif ($type == T_ZBX_STR) {
        if (!is_string($var)) {
            $error = true;
            $message = _s('Field "%1$s" is not string.', $caption);
        }
    } elseif ($type == T_ZBX_CLR) {
        $colorValidator = new CColorValidator();
        if (!$colorValidator->validate($var)) {
            // the only branch that writes back through the reference
            $var = 'FFFFFF';
            $error = true;
            $message = _s('Colour "%1$s" is not correct: expecting hexadecimal colour code (6 symbols).', $caption);
        }
    }
    if ($error) {
        if ($flags & P_SYS) {
            error($message);
            return ZBX_VALID_ERROR;
        } else {
            info($message);
            return ZBX_VALID_WARNING;
        }
    }
    return ZBX_VALID_OK;
}
/**
 * Validates $var against the T_ZBX_* type $type and reports problems via info().
 *
 * Arrays (except for T_ZBX_IP) are validated element by element and the
 * results OR-ed together. T_ZBX_PORTS splits the value on ',' and '-' and
 * checks every piece as T_ZBX_INT. For a scalar, a failed check reports
 * "Critical error. ..." and returns ZBX_VALID_ERROR when P_SYS is set in
 * $flags, otherwise "Warning. ..." and ZBX_VALID_WARNING (the multibyte check
 * returns ZBX_VALID_ERROR in both cases). A type that matches no branch is
 * accepted.
 *
 * @param string $field field name used in messages (by reference, not modified)
 * @param int    $flags P_SYS selects error over warning
 * @param mixed  $var   value to check; reset to 'FFFFFF' for an invalid T_ZBX_CLR
 * @param int    $type  one of the T_ZBX_* constants
 * @return int ZBX_VALID_OK, ZBX_VALID_WARNING or ZBX_VALID_ERROR
 */
function check_type(&$field, $flags, &$var, $type)
{
    if (is_array($var) && $type != T_ZBX_IP) {
        $err = ZBX_VALID_OK;
        foreach ($var as $el) {
            $err |= check_type($field, $flags, $el, $type);
        }
        return $err;
    }
    if ($type == T_ZBX_IP) {
        if (!validate_ip($var, $arr)) {
            if ($flags & P_SYS) {
                info("Critical error. Field [" . $field . "] is not IP");
                return ZBX_VALID_ERROR;
            } else {
                info("Warning. Field [" . $field . "] is not IP");
                return ZBX_VALID_WARNING;
            }
        }
        return ZBX_VALID_OK;
    }
    if ($type == T_ZBX_IP_RANGE) {
        if (!validate_ip_range($var)) {
            if ($flags & P_SYS) {
                info("Critical error. Field [" . $field . "] is not IP range");
                return ZBX_VALID_ERROR;
            } else {
                info("Warning. Field [" . $field . "] is not IP range");
                return ZBX_VALID_WARNING;
            }
        }
        return ZBX_VALID_OK;
    }
    if ($type == T_ZBX_PORTS) {
        // "80,443,1000-2000": each comma-separated item may be a dash range
        $err = ZBX_VALID_OK;
        foreach (explode(',', $var) as $el) {
            foreach (explode('-', $el) as $p) {
                $err |= check_type($field, $flags, $p, T_ZBX_INT);
            }
        }
        return $err;
    }
    if ($type == T_ZBX_INT_RANGE) {
        if (!is_int_range($var)) {
            if ($flags & P_SYS) {
                info("Critical error. Field [" . $field . "] is not integer range");
                return ZBX_VALID_ERROR;
            } else {
                info("Warning. Field [" . $field . "] is not integer range");
                return ZBX_VALID_WARNING;
            }
        }
        return ZBX_VALID_OK;
    }
    // note: is_numeric() also accepts floats and exponent notation, so this
    // T_ZBX_INT check is looser than its message suggests
    if ($type == T_ZBX_INT && !is_numeric($var)) {
        if ($flags & P_SYS) {
            info("Critical error. Field [" . $field . "] is not integer");
            return ZBX_VALID_ERROR;
        } else {
            info("Warning. Field [" . $field . "] is not integer");
            return ZBX_VALID_WARNING;
        }
    }
    if ($type == T_ZBX_DBL && !is_numeric($var)) {
        if ($flags & P_SYS) {
            info("Critical error. Field [" . $field . "] is not double");
            return ZBX_VALID_ERROR;
        } else {
            info("Warning. Field [" . $field . "] is not double");
            return ZBX_VALID_WARNING;
        }
    }
    if ($type == T_ZBX_STR && !is_string($var)) {
        if ($flags & P_SYS) {
            info("Critical error. Field [" . $field . "] is not string");
            return ZBX_VALID_ERROR;
        } else {
            info("Warning. Field [" . $field . "] is not string");
            return ZBX_VALID_WARNING;
        }
    }
    // "//*" ... "//*/" is the comment-toggle idiom: with the leading "//" the
    // block below is active; changing "//*" to "/*" would disable it
    //*
    // byte length differing from character length means multibyte characters
    if ($type == T_ZBX_STR && !defined('ZBX_ALLOW_UNICODE') && strlen($var) != zbx_strlen($var)) {
        if ($flags & P_SYS) {
            info("Critical error. Field [" . $field . "] contains Multibyte chars");
            return ZBX_VALID_ERROR;
        } else {
            info("Warning. Field [" . $field . "] - multibyte chars are restricted");
            return ZBX_VALID_ERROR;
        }
    }
    //*/
    if ($type == T_ZBX_CLR && !is_hex_color($var)) {
        // the only branch that writes back through the reference
        $var = 'FFFFFF';
        if ($flags & P_SYS) {
            info("Critical error. Field [" . $field . "] is not a colour");
            return ZBX_VALID_ERROR;
        } else {
            info("Warning. Field [" . $field . "] is not a colour");
            return ZBX_VALID_WARNING;
        }
    }
    return ZBX_VALID_OK;
}
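/**
 * Stores a new comment for $articleid from the current request.
 *
 * The comment id is 'c' followed by the current timestamp. The submitter's
 * address is REMOTE_ADDR, replaced by 127.0.0.2 when validate_ip() rejects
 * it. Field values come from $_GET['replyto'], $_POST['comment'][...] and the
 * User-Agent header, each run through sanitize_variables() (and stripslashes()
 * for the user-typed ones, as before).
 *
 * Changes from the original: array keys are quoted (bare replyto/comment/name
 * etc. were undefined constants), missing request fields default to '' instead
 * of raising notices, the debug print_r() of the comment data is removed, and
 * every value interpolated into the SQL statement is escaped for the
 * connection - stripslashes() has removed whatever escaping the values carried.
 *
 * @param string $articleid id of the article the comment belongs to
 * @return bool always true (a failed query terminates the script via die())
 */
function add($articleid)
{
    $timestamp = time();
    $ip = $_SERVER["REMOTE_ADDR"];
    if (!validate_ip($ip)) {
        $ip = "127.0.0.2";
    }

    $fields = isset($_POST['comment']) && is_array($_POST['comment']) ? $_POST['comment'] : array();
    $replyto = isset($_GET['replyto']) ? $_GET['replyto'] : '';
    $userAgent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';

    $data = array(
        'date' => $timestamp,
        'parentcid' => stripslashes(sanitize_variables($replyto)),
        'name' => stripslashes(sanitize_variables(isset($fields['name']) ? $fields['name'] : '')),
        'email' => stripslashes(sanitize_variables(isset($fields['email']) ? $fields['email'] : '')),
        'url' => stripslashes(sanitize_variables(isset($fields['url']) ? $fields['url'] : '')),
        'ip' => $ip,
        'browser' => sanitize_variables($userAgent),
        'content' => stripslashes(sanitize_variables(isset($fields['content']) ? $fields['content'] : '')),
    );
    $newcommentid = 'c' . $timestamp;

    $class = KComments::connect();
    if (defined("KNIFESQL")) {
        // values end up inside single-quoted SQL literals, so escape each one
        // for the connection opened by KComments::connect()
        $safe = array_map('mysql_real_escape_string', $data);
        $write_sql = "INSERT INTO comments VALUES ('" . mysql_real_escape_string($articleid) . "', '" . mysql_real_escape_string($newcommentid) . "', '{$safe['parentcid']}', '{$safe['name']}', '{$safe['email']}', '{$safe['url']}', '{$safe['ip']}', '{$safe['browser']}', '{$safe['content']}')";
        mysql_query($write_sql) or die('Query failed: ' . mysql_error());
        return true;
    }

    $class->settings[$articleid][$newcommentid] = $data;
    $class->save();
    return true;
}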
/**
 * Builds the named.conf zone stanza for one domain, writing its zone file
 * first when the domain has none yet.
 *
 * Progress is written to $this->debugHandler and logged through
 * $this->logger. When $domain['zonefile'] is empty, generateZone() produces
 * the zone, it is written to domains/<domain>.zone below
 * Settings::Get('system.bindconf_directory') and that basename is recorded in
 * $this->_known_filenames. The returned stanza lists every nameserver IP and
 * every AXFR server that passes validate_ip() under allow-transfer; failing
 * AXFR entries are dropped silently.
 *
 * NOTE(review): the source text was garbled around the CustomerLogin part of
 * the header comment; it is reconstructed here as $domain['loginname'] -
 * confirm against the repository.
 *
 * @param array $domain      domain row; id, customerid, loginname, domain and
 *                           zonefile are read
 * @param bool  $froxlorhost passed through to generateZone()
 * @return string configuration text, terminated by a blank line
 */
private function _generateDomainConfig($domain = array(), $froxlorhost = false)
{
    $label = $domain['id'] . '::' . $domain['domain'];
    fwrite($this->debugHandler, ' cron_tasks: Task4 - Writing ' . $label . "\n");
    $this->logger->logAction(CRON_ACTION, LOG_INFO, 'Writing ' . $label);

    if ($domain['zonefile'] == '') {
        $zoneContent = $this->generateZone($domain, $froxlorhost);
        $domain['zonefile'] = 'domains/' . $domain['domain'] . '.zone';
        $zonePath = makeCorrectFile(Settings::Get('system.bindconf_directory') . '/' . $domain['zonefile']);
        $this->_known_filenames[] = basename($zonePath);
        $handle = fopen($zonePath, 'w');
        fwrite($handle, $zoneContent);
        fclose($handle);
        fwrite($this->debugHandler, ' cron_tasks: Task4 - `' . $zonePath . '` zone written' . "\n");
    }

    $zoneFilePath = makeCorrectFile(Settings::Get('system.bindconf_directory') . '/' . $domain['zonefile']);
    $lines = array(
        '# Domain ID: ' . $domain['id'] . ' - CustomerID: ' . $domain['customerid'] . ' - CustomerLogin: ' . $domain['loginname'],
        'zone "' . $domain['domain'] . '" in {',
        ' type master;',
        ' file "' . $zoneFilePath . '";',
        ' allow-query { any; };',
    );

    if (count($this->nameservers) > 0 || count($this->axfrservers) > 0) {
        // open allow-transfer
        $lines[] = ' allow-transfer {';
        // put nameservers in allow-transfer
        foreach ($this->nameservers as $nameserver) {
            $lines[] = ' ' . $nameserver['ip'] . ';';
        }
        // AXFR server #100
        foreach ($this->axfrservers as $axfrserver) {
            if (validate_ip($axfrserver, true) !== false) {
                $lines[] = ' ' . $axfrserver . ';';
            }
        }
        // close allow-transfer
        $lines[] = ' };';
    }

    $lines[] = '};';

    return implode("\n", $lines) . "\n\n";
}
/**
 * Returns the first address that passes validate_ip() among the proxy-style
 * request headers, falling back to REMOTE_ADDR.
 *
 * NOTE: all HTTP_* entries consulted here are copies of client-supplied
 * request headers. They only describe the real client when a trusted reverse
 * proxy in front of this server overwrites them; on a directly exposed server
 * the sender can choose the address this function reports. REMOTE_ADDR is the
 * only entry the server sets itself, and the fallback returns it unvalidated.
 *
 * @return string|false the address, or false when REMOTE_ADDR is not set either
 */
function get_ip_address() {
    // consulted in this order; comma-separated lists are split and trimmed
    static $headers = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_X_CLUSTER_CLIENT_IP',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );

    foreach ($headers as $header) {
        if (!array_key_exists($header, $_SERVER)) {
            continue;
        }
        $candidates = array_map('trim', explode(',', $_SERVER[$header]));
        foreach ($candidates as $candidate) {
            if (validate_ip($candidate)) {
                return $candidate;
            }
        }
    }

    if (isset($_SERVER['REMOTE_ADDR'])) {
        return $_SERVER['REMOTE_ADDR'];
    }
    return false;
}
/**
 * Validates the "ip" field.
 *
 * An empty value is accepted; otherwise the value has to be an IP address
 * (validate_ip), a macro name (ZBX_PREG_MACRO_NAME_FORMAT) or a user macro
 * (ZBX_PREG_EXPRESSION_USER_MACROS).
 *
 * @throws APIException if the field is invalid.
 *
 * @param array $interface
 */
protected function checkIp(array $interface) {
    $ip = $interface['ip'];

    if (zbx_empty($ip)) {
        return;
    }
    // $arr is filled by validate_ip() and not used here (kept as in the original call)
    if (validate_ip($ip, $arr)) {
        return;
    }

    $macroPatterns = array(
        '/^' . ZBX_PREG_MACRO_NAME_FORMAT . '$/i',
        '/^' . ZBX_PREG_EXPRESSION_USER_MACROS . '$/i',
    );
    foreach ($macroPatterns as $pattern) {
        if (preg_match($pattern, $ip)) {
            return;
        }
    }

    self::exception(ZBX_API_ERROR_PARAMETERS, _s('Incorrect interface IP parameter "%s" provided.', $ip));
}
showUpdateStep("Inserting new setting to allow/disallow theme changes (default: on)", true); $stmt = Database::prepare("\n\t\tINSERT INTO `" . TABLE_PANEL_SETTINGS . "` SET\n\t\t`settinggroup` = 'panel',\n\t\t`varname` = :varname,\n\t\t`value` = :value"); Database::pexecute($stmt, array('varname' => 'allow_theme_change_admin', 'value' => $allow_themechange_a)); Database::pexecute($stmt, array('varname' => 'allow_theme_change_customer', 'value' => $allow_themechange_c)); lastStepStatus(0); updateToVersion('0.9.29-dev2'); } if (isFroxlorVersion('0.9.29-dev2')) { showUpdateStep("Updating from 0.9.29-dev2 to 0.9.29-dev3", true); lastStepStatus(0); $system_axfrservers = isset($_POST['system_afxrservers']) ? trim($_POST['system_afxrservers']) : ''; if ($system_axfrservers != '') { $axfrservers = explode(',', $system_axfrservers); $newaxfrserver = array(); foreach ($axfrservers as $index => $axfrserver) { if (validate_ip($axfrserver, true) !== false) { $newaxfrserver[] = $axfrserver; } } $system_axfrservers = implode(", ", $newaxfrserver); } showUpdateStep("Inserting new setting for AXFR server", true); $stmt = Database::prepare("\n\t\tINSERT INTO `" . TABLE_PANEL_SETTINGS . "` SET\n\t\t`settinggroup` = 'system',\n\t\t`varname` = 'axfrservers',\n\t\t`value` = :value"); Database::pexecute($stmt, array('value' => $system_axfrservers)); lastStepStatus(0); updateToVersion('0.9.29-dev3'); } if (isFroxlorVersion('0.9.29-dev3')) { showUpdateStep("Updating from 0.9.29-dev3 to 0.9.29-dev4", true); lastStepStatus(0); showUpdateStep("Adding new tables to database", true);
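}
define("CLIENTAREA", true);
require "dbconnect.php";
require "includes/functions.php";
require "includes/clientareafunctions.php";

$invalidip = $_LANG['unblockme_invalidip'];
$notblocked = $_LANG['unblockme_notblocked'];
$unblocked = $_LANG['unblockme_unblocked'];

// Both parameters are used unconditionally below, so either one missing is
// rejected here (the previous test only failed when both were absent, and
// then read the missing one anyway).
if (!isset($_GET['id']) || !isset($_GET['ip'])) {
    $output = array("status" => "failure", "message" => "Unauthorized Access", "page" => 1);
    print json_encode($output);
    exit;
}

// h.id is interpolated into the query below; the mysql_* API used by this
// script has no placeholders, so the id is reduced to an integer before it
// reaches the statement (it used to be inserted verbatim from the request).
$serviceid = (int) $_GET['id'];
$ip = $_GET['ip'];
if (!validate_ip($ip)) {
    $output = array("status" => "failure", "message" => $invalidip, "page" => 2);
    print json_encode($output);
    exit;
}

$query = "SELECT s.ipaddress, s.username, s.password, s.accesshash, s.secure\n\t\t\tFROM tblservers s, tblhosting h\n\t\t\tWHERE s.id = h.server AND h.id = {$serviceid}";
$data = mysql_query($query);
// a failed query returns false, which mysql_num_rows() would only warn about
if ($data === false || !mysql_num_rows($data)) {
    $output = array("status" => "failure", "message" => "Service ID not found", "page" => 3);
    print json_encode($output);
    exit;
}

$r = mysql_fetch_array($data);
$srv_ip = $r[0];
$srv_user = $r[1];
$srv_pass = $r[2];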
/**
 * Checks one DNS record against the rules for its (normalised) type.
 *
 * Types are the single-character codes produced by set_type(): A, '=' (A+PTR),
 * '3' (AAAA), '6' (AAAA+PTR), N, M, P, C and V (SRV). Any other code only gets
 * the generic name and TTL checks.
 *
 * @param string $name     record name; required unless the type is A or MX
 * @param string $type     record type, normalised through set_type()
 * @param string $address  record target (address or hostname, depending on type)
 * @param string $distance MX distance / SRV priority
 * @param string $weight   SRV weight
 * @param string $port     SRV port
 * @param string $ttl      TTL; must be non-empty
 * @return string 'OK' when every check passes, otherwise the first error message
 */
function verify_record($name, $type, $address, $distance, $weight, $port, $ttl) {
    $type = set_type($type);

    if ($type != 'A' && $type != 'M' && $name == "") {
        return "no Hostname supplied";
    }

    // IPv4 types: the address must pass validate_ip(), the name check_domain_name_format()
    $ipv4Types = array(array('A', 'A'), array('=', 'A+PTR'));
    foreach ($ipv4Types as $pair) {
        list($code, $label) = $pair;
        if ($type == $code) {
            if (validate_ip($address) == FALSE) {
                return "\"{$address}\" is not a valid {$label} record address";
            }
            if (check_domain_name_format($name) == FALSE) {
                return "\"{$name}\" is not a valid {$label} record name";
            }
        }
    }

    // IPv6 types: same shape, with validate_ipv6()
    $ipv6Types = array(array('3', 'AAAA'), array('6', 'AAAA+PTR'));
    foreach ($ipv6Types as $pair) {
        list($code, $label) = $pair;
        if ($type == $code) {
            if (validate_ipv6($address) == FALSE) {
                return "\"{$address}\" is not a valid {$label} record address";
            }
            if (check_domain_name_format($name) == FALSE) {
                return "\"{$name}\" is not a valid {$label} record name";
            }
        }
    }

    // NS: target is a host name, never an address
    if ($type == 'N') {
        if (validate_ip($address) != FALSE) {
            return "\"{$address}\" should not be an IP address";
        }
        if (check_domain_name_format($name) == FALSE) {
            return "\"{$name}\" is not a valid NS record name";
        }
    }

    // MX: name is a host name and the distance a non-negative integer
    if ($type == 'M') {
        if (validate_ip($name)) {
            return "MX records can not be an IP address";
        }
        if (check_domain_name_format($name) == FALSE) {
            return "\"{$name}\" is not a valid MX record name";
        }
        if (!preg_match('/^([0-9])+$/i', $distance)) {
            return "\"{$distance}\" is not a valid MX distance";
        }
    }

    // PTR: name has to live in one of the reverse zones
    if ($type == 'P') {
        $inReverseZone = preg_match('/^.*\\.in-addr.arpa\\.*$/i', $name)
            || preg_match('/^.*\\.ip6.arpa\\.*$/i', $name);
        if (!$inReverseZone) {
            return "PTR \"{$name}\" does not end in .in-addr.arpa or ip6.arpa.";
        }
    }

    // CNAME: both sides are host names
    if ($type == 'C') {
        if (validate_ip($address)) {
            return "CNAME records can not point to an IP address";
        }
        if (check_domain_name_format($name) == FALSE) {
            return "\"{$name}\" is not a valid CNAME record name";
        }
        if (validate_domain_name($address) == FALSE) {
            return "\"{$address}\" is not a valid CNAME record address";
        }
    }

    // SRV: _service._protocol name plus three 16-bit numeric fields
    if ($type == 'V') {
        if (!preg_match('/^_.*\\._.*$/i', $name)) {
            return "SRV \"{$name}\" should be in the format _service._protocol";
        }
        $srvNumbers = array('distance' => $distance, 'weight' => $weight, 'port' => $port);
        foreach ($srvNumbers as $field => $value) {
            if ($value > 65535 || !preg_match('/^([0-9])+$/i', $value)) {
                return "SRV {$field} must be a numeric value between 0 and 65535";
            }
        }
    }

    if ($ttl == "") {
        return "no TTL given";
    }

    return 'OK';
}
} elseif ($Type == 0) { $pre = $GLOBALS['db']->Prepare("SELECT bid FROM " . DB_PREFIX . "_bans WHERE authid=? AND RemovedBy IS NULL AND type=0;"); $res = $GLOBALS['db']->Execute($pre, array($SteamID)); if ($res->RecordCount() == 0) { $errors .= '* Этот STEAM ID не забанен!<br>'; $validsubmit = false; } else { $BanId = (int) $res->fields[0]; $res = $GLOBALS['db']->Execute("SELECT pid FROM " . DB_PREFIX . "_protests WHERE bid={$BanId}"); if ($res->RecordCount() > 0) { $errors .= '* Бан этого STEAM ID уже был опротестован.<br>'; $validsubmit = false; } } } if ($Type == 1 && !validate_ip($IP)) { $errors .= '* Введите действительныйd IP.<br>'; $validsubmit = false; } elseif ($Type == 1) { $pre = $GLOBALS['db']->Prepare("SELECT bid FROM " . DB_PREFIX . "_bans WHERE ip=? AND RemovedBy IS NULL AND type=1;"); $res = $GLOBALS['db']->Execute($pre, array($IP)); if ($res->RecordCount() == 0) { $errors .= '* Этот IP не забанен!<br>'; $validsubmit = false; } else { $BanId = (int) $res->fields[0]; $res = $GLOBALS['db']->Execute("SELECT pid FROM " . DB_PREFIX . "_protests WHERE bid={$BanId}"); if ($res->RecordCount() > 0) { $errors .= '* Бан этого IP уже был опротестован.<br>'; $validsubmit = false; }
/**
 * xajax handler that records a new SteamID or IP ban and reports back to the
 * admin page through the returned response.
 *
 * Flow: access check, input validation (errors are pushed into the response
 * as DOM updates and the function returns early), normalisation of the
 * inputs, duplicate/immunity checks, INSERT of the ban, optional demo row,
 * optional submission follow-up mail, and finally the UI script plus a
 * CSystemLog entry.
 *
 * @param string     $nickname player name shown with the ban
 * @param int|string $type     0 = SteamID ban, 1 = IP ban
 * @param string     $steam    Steam ID or community ID (converted via FriendIDToSteamID)
 * @param string     $ip       IP address for type 1
 * @param int|string $length   ban length in minutes; falsy means permanent
 * @param string     $dfile    demo file name (only alphanumerics accepted)
 * @param string     $dname    demo display name
 * @param string     $reason   ban reason
 * @param int|string $fromsub  submission id this ban was created from, if any
 * @return xajaxResponse response carrying the DOM updates / scripts to run
 */
function AddBan($nickname, $type, $steam, $ip, $length, $dfile, $dname, $reason, $fromsub) {
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to add a ban, but doesnt have access.");
        return $objResponse;
    }

    $steam = trim($steam);
    $error = 0;

    // If they didnt type a steamid
    if (empty($steam) && $type == 0) {
        $error++;
        $objResponse->addAssign("steam.msg", "innerHTML", "You must type a Steam ID or Community ID");
        $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
    } else {
        // Precedence is (type==0 && !numeric && !valid) || (numeric && (short || !valid)):
        // the numeric branch runs regardless of $type, and it reassigns $steam
        // with the converted ID as a side effect of the comparison.
        if ($type == 0 && !is_numeric($steam) && !validate_steam($steam) || is_numeric($steam) && (strlen($steam) < 15 || !validate_steam($steam = FriendIDToSteamID($steam)))) {
            $error++;
            $objResponse->addAssign("steam.msg", "innerHTML", "Please enter a valid Steam ID or Community ID");
            $objResponse->addScript("\$('steam.msg').setStyle('display', 'block');");
        } else {
            if (empty($ip) && $type == 1) {
                $error++;
                $objResponse->addAssign("ip.msg", "innerHTML", "You must type an IP");
                $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
            } else {
                if ($type == 1 && !validate_ip($ip)) {
                    $error++;
                    $objResponse->addAssign("ip.msg", "innerHTML", "You must type a valid IP");
                    $objResponse->addScript("\$('ip.msg').setStyle('display', 'block');");
                } else {
                    // all checks passed: clear any earlier error markers
                    $objResponse->addAssign("steam.msg", "innerHTML", "");
                    $objResponse->addScript("\$('steam.msg').setStyle('display', 'none');");
                    $objResponse->addAssign("ip.msg", "innerHTML", "");
                    $objResponse->addScript("\$('ip.msg').setStyle('display', 'none');");
                }
            }
        }
    }

    if ($error > 0) {
        return $objResponse;
    }

    $nickname = RemoveCode($nickname);
    // After validation the IP is reduced to digits and dots, which is also what
    // makes it safe to splice into the ShowBox/ShowKickBox scripts further down.
    $ip = preg_replace('#[^\\d\\.]#', '', $ip); //strip ip of all but numbers and dots
    $dname = RemoveCode($dname);
    $reason = RemoveCode($reason);

    // $len is the `length` column in seconds; 0 marks a permanent ban
    if (!$length) {
        $len = 0;
    } else {
        $len = $length * 60;
    }

    // prune any old bans
    PruneBans();

    if ((int) $type == 0) {
        // Check if the new steamid is already banned
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE authid = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '0'", array($steam));
        if (intval($chk[0]) > 0) {
            // $steam reaches this script verbatim; presumably validate_steam() restricts it to ID syntax - confirm
            $objResponse->addScript("ShowBox('Error', 'SteamID: {$steam} is already banned.', 'red', '');");
            return $objResponse;
        }

        // Check if player is immune
        $admchk = $userbank->GetAllAdmins();
        foreach ($admchk as $admin) {
            if ($admin['authid'] == $steam && $userbank->GetProperty('srv_immunity') < $admin['srv_immunity']) {
                $objResponse->addScript("ShowBox('Error', 'SteamID: Admin " . $admin['user'] . " ({$steam}) is immune.', 'red', '');");
                return $objResponse;
            }
        }
    }

    if ((int) $type == 1) {
        // same duplicate check for active IP bans
        $chk = $GLOBALS['db']->GetRow("SELECT count(bid) AS count FROM " . DB_PREFIX . "_bans WHERE ip = ? AND (length = 0 OR ends > UNIX_TIMESTAMP()) AND RemovedBy IS NULL AND type = '1'", array($ip));
        if (intval($chk[0]) > 0) {
            $objResponse->addScript("ShowBox('Error', 'IP: {$ip} is already banned.', 'red', '');");
            return $objResponse;
        }
    }

    // `ends` is computed from $length even for permanent bans; `length` (= $len)
    // being 0 is what the duplicate checks above treat as "never expires".
    $pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,type,ip,authid,name,ends,length,reason,aid,adminIp ) VALUES\r\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?)");
    $GLOBALS['db']->Execute($pre, array($type, $ip, $steam, $nickname, $length * 60, $len, $reason, $userbank->GetAid(), $_SERVER['REMOTE_ADDR']));
    $subid = $GLOBALS['db']->Insert_ID();

    // demo attachment; the file name is restricted to alphanumerics before use
    if ($dname && $dfile && preg_match('/^[a-z0-9]*$/i', $dfile)) {
        $GLOBALS['db']->Execute("INSERT INTO " . DB_PREFIX . "_demos(demid,demtype,filename,origname)\r\n\t\t\t\t\t\t VALUES(?,'B', ?, ?)", array((int) $subid, $dfile, $dname));
    }

    if ($fromsub) {
        $submail = $GLOBALS['db']->Execute("SELECT name, email FROM " . DB_PREFIX . "_submissions WHERE subid = '" . (int) $fromsub . "'");

        // Send an email when ban is accepted
        // NOTE(review): both the From: address and the link in the body are built
        // from $_SERVER['HTTP_HOST'], i.e. from the Host header of this request.
        $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], ".php") + 4);
        $headers = 'From: submission@' . $_SERVER['HTTP_HOST'] . "\n" . 'X-Mailer: PHP/' . phpversion();
        $message = "Hello,\n";
        $message .= "Your ban submission was accepted by our admins.\nThank you for your support!\nClick the link below to view the current ban list.\n\nhttp://" . $_SERVER['HTTP_HOST'] . $requri . "?p=banlist";
        mail($submail->fields['email'], "[SourceBans] Ban Added", $message, $headers);

        // archivedby is concatenated rather than bound; presumably GetAid() is numeric - confirm
        $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '2', archivedby = '" . $userbank->GetAid() . "' WHERE subid = '" . (int) $fromsub . "'");
    }

    // any other pending submissions for the same SteamID are closed as well
    $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_submissions` SET archiv = '3', archivedby = '" . $userbank->GetAid() . "' WHERE SteamId = ?;", array($steam));

    $kickit = isset($GLOBALS['config']['config.enablekickit']) && $GLOBALS['config']['config.enablekickit'] == "1";
    if ($kickit) {
        $objResponse->addScript("ShowKickBox('" . ((int) $type == 0 ? $steam : $ip) . "', '" . (int) $type . "');");
    } else {
        $objResponse->addScript("ShowBox('Ban Added', 'The ban has been successfully added', 'green', 'index.php?p=admin&c=bans');");
    }
    $objResponse->addScript("TabToReload();");

    $log = new CSystemLog("m", "Ban Added", "Ban against (" . ((int) $type == 0 ? $steam : $ip) . ") has been added, reason: {$reason}, length: {$length}", true, $kickit);
    return $objResponse;
}
// Server-side validation of the ban form: every failed check bumps $error and
// appends the JS that reveals the matching error label to $errorScript.
// ($error and $errorScript are initialised before this point.)

// steam/ip checks, same shape as the AddBan() xajax handler
if (empty($_POST['steam']) && $_POST['type'] == 0) {
    $error++;
    $errorScript .= "\$('steam.msg').innerHTML = 'You must type a Steam ID or Community ID';";
    $errorScript .= "\$('steam.msg').setStyle('display', 'block');";
} else {
    // Precedence is (type==0 && !numeric && !valid) || (numeric && (short || !valid)):
    // the numeric branch applies regardless of type, and it overwrites
    // $_POST['steam'] with the converted ID inside the condition.
    if ($_POST['type'] == 0 && !is_numeric($_POST['steam']) && !validate_steam($_POST['steam']) || is_numeric($_POST['steam']) && (strlen($_POST['steam']) < 15 || !validate_steam($_POST['steam'] = FriendIDToSteamID($_POST['steam'])))) {
        $error++;
        $errorScript .= "\$('steam.msg').innerHTML = 'Please enter a valid Steam ID or Community ID';";
        $errorScript .= "\$('steam.msg').setStyle('display', 'block');";
    } else {
        if (empty($_POST['ip']) && $_POST['type'] == 1) {
            $error++;
            $errorScript .= "\$('ip.msg').innerHTML = 'You must type an IP';";
            $errorScript .= "\$('ip.msg').setStyle('display', 'block');";
        } else {
            if ($_POST['type'] == 1 && !validate_ip($_POST['ip'])) {
                $error++;
                $errorScript .= "\$('ip.msg').innerHTML = 'You must type a valid IP';";
                $errorScript .= "\$('ip.msg').setStyle('display', 'block');";
            }
        }
    }
}

// Didn't type a custom reason
if ($_POST['listReason'] == "other" && empty($_POST['txtReason'])) {
    $error++;
    $errorScript .= "\$('reason.msg').innerHTML = 'You must type a reason';";
    $errorScript .= "\$('reason.msg').setStyle('display', 'block');";
}

// prune any old bans
PruneBans();