7 changes: 7 additions & 0 deletions .gitignore
Expand Up @@ -45,3 +45,10 @@ $RECYCLE.BIN/
Network Trash Folder
Temporary Items
.apdisk

# =========================
# SourceBans
# =========================
web_upload/data/config.php
web_upload/data/theme_c/*.php
web_upload/data/theme/*
1 change: 0 additions & 1 deletion web_upload/data/db.php
@@ -1,7 +1,6 @@
<?php
if (!defined('IN_SB'))
exit();

/**
* This file contains all database configurations for
* using in SourceBans in new DB Framework.
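--- /dev/null
+++ b/web_upload/includes/CDonate.php
@@ -0,0 +1,168 @@
+<?php
+/**************************************************************************
+* Эта программа является частью SourceBans ++.
+*
+* Все права защищены © 2014-2016 Sarabveer Singh <me@sarabveer.me>
+*
+* SourceBans++ распространяется под лицензией
+* Creative Commons Attribution-NonCommercial-ShareAlike 3.0.
+*
+* Вы должны были получить копию лицензии вместе с этой работой. Если нет,
+* см. <http://creativecommons.org/licenses/by-nc-sa/3.0/>.
+*
+* ПРОГРАММНОЕ ОБЕСПЕЧЕНИЕ ПРЕДОСТАВЛЯЕТСЯ «КАК ЕСТЬ», БЕЗ КАКИХ-ЛИБО
+* ГАРАНТИЙ, ЯВНЫХ ИЛИ ПОДРАЗУМЕВАЕМЫХ, ВКЛЮЧАЯ, НО НЕ ОГРАНИЧИВАЯСЬ,
+* ГАРАНТИИ ПРИГОДНОСТИ ДЛЯ КОНКРЕТНЫХ ЦЕЛЕЙ И НЕНАРУШЕНИЯ. НИ ПРИ КАКИХ
+* ОБСТОЯТЕЛЬСТВАХ АВТОРЫ ИЛИ ПРАВООБЛАДАТЕЛИ НЕ НЕСУТ ОТВЕТСТВЕННОСТИ ЗА
+* ЛЮБЫЕ ПРЕТЕНЗИИ, ИЛИ УБЫТКИ, НЕЗАВИСИМО ОТ ДЕЙСТВИЯ ДОГОВОРА,
+* ГРАЖДАНСКОГО ПРАВОНАРУШЕНИЯ ИЛИ ИНАЧЕ, ВОЗНИКАЮЩИЕ ИЗ, ИЛИ В СВЯЗИ С
+* ПРОГРАММНЫМ ОБЕСПЕЧЕНИЕМ ИЛИ ИСПОЛЬЗОВАНИЕМ ИЛИ ИНЫМИ ДЕЙСТВИЯМИ
+* ПРОГРАММНОГО ОБЕСПЕЧЕНИЯ.
+*
+* Эта программа базируется на работе, охватываемой следующим авторским
+* правом (ами):
+*
+* * SourceBans 1.4.11
+* Copyright © 2007-2014 SourceBans Team - Part of GameConnect
+* Выпущено под лицензией CC BY-NC-SA 3.0
+* Страница: <http://www.sourcebans.net/> - <http://www.gameconnect.net/>
+*
+* * SourceBans TF2 Theme v1.0
+* Copyright © 2014 IceMan
+* Страница: <https://forums.alliedmods.net/showthread.php?t=252533>
+*
+***************************************************************************/
+
+if (!defined('IN_SB')) {echo("You should not be here. Only follow links!");die();}
+
+class CDonate {
+private $hooks = array();
+
+/**
+* Add tariff
+*
+* @return int
+*/
+public function AddTariff($name, $price, $expired, $desc, $webflags, $serverflags, $immunity, $servers) {
+$query = sprintf("INSERT INTO `%s_billing_admintariffs` (`name`, `price`, `expired`, `desc`, `webflags`, `serverflags`, `immunity`, `servers`) VALUES (%s, %d, %d, %s, %s, %s, %d, %s)", DB_PREFIX, $GLOBALS['db']->qstr($name), $price, $expired, $GLOBALS['db']->qstr($desc), $GLOBALS['db']->qstr($webflags), $GLOBALS['db']->qstr($serverflags), $immunity, $GLOBALS['db']->qstr($servers));
+$GLOBALS['db']->Execute($query);
+return $GLOBALS['db']->Insert_ID();
+}
+
+/**
+* Add admin request payment
+*
+* @return int
+*/
+public function AddPayment_Admin($name, $authid, $tariff, $vk = '', $skype = '') {
+if (!$this->IsTariffExists($tariff))
+return -1;
+
+$query = sprintf("INSERT INTO `%s_billing_adminpayments` (`name`, `authid`, `tariff`, `vk`, `skype`) VALUES (%s, %s, %d, %s, %s);", DB_PREFIX, $GLOBALS['db']->qstr($name), $GLOBALS['db']->qstr($authid), (int) $tariff, $GLOBALS['db']->qstr($vk), $GLOBALS['db']->qstr($skype));
+$GLOBALS['db']->Execute($query);
+return $GLOBALS['db']->Insert_ID();
+}
+
+/**
+* Add unban request payment
+*
+* @return int
+*/
+public function AddPayment_Unban($banid) {
+// IN DEVELOPING
+}
+
+// HELPERS //
+/**
+* Get client IP
+*
+* @return string ClientIP
+*/
+public static function getIP() {
+return $_SERVER[isset($_SERVER['HTTP_X_REAL_IP'])?'HTTP_X_REAL_IP':'REMOTE_ADDR'];
+}
+
+/**
+* Checks tariff on exists.
+*
+* @return bool
+*/
+public static function IsTariffExists($id) {
+return $GLOBALS['db']->GetOne(sprintf("SELECT COUNT(*) FROM `%s_billing_admintariffs` WHERE `id` = %d;", DB_PREFIX, (int) $id)) == 1;
+}
+
+/**
+* Register event hook.
+*
+* @noreturn
+*/
+public function registerEvent($event_name, $func) {
+$this->hooks[$event_name][] = $func;
+}
+
+/**
+* Fires a event for donate submodules
+*
+* @noreturn
+*/
+public function fireEvent($event_name, $data) {
+if (!isset($this->hooks[$event_name]))
+return;
+
+foreach ($this->hooks[$event_name] as $event_handler) {
+call_user_func_array($event_handler, $data);
+}
+}
+}
+
+// This is skeleton for custom user payment services. DO NOT EDIT THIS.
+class CPaymentService {
+/**
+* Returns the name of this SourceBans Payment Service.
+*
+* @return string Service name
+*/
+public function getName() {}
+
+/**
+* Returns the author name. Allowed HTML chars.
+*
+* @return string Author Name
+*/
+public function getAuthor() {}
+
+/**
+* Returns the version.
+*
+* @return string Version
+*/
+public function getVersion() {}
+
+/**
+* Returns the provider WebSite.
+*
+* @return string Provider site
+*/
+public function getUrl() {}
+
+/**
+* Generate client sign.
+*
+* @return string ClientSign
+*/
+public function getClientSign() {}
+
+/**
+* Generate notification sign.
+*
+* @return string NotifySign
+*/
+public function getNotifySign() {}
+
+/**
+* Generate URL for client redirect.
+*
+* @return string URL.
+*/
+public function generatePaymentUrl() {}
+}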
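Review bot: `getIP()` honours `HTTP_X_REAL_IP` whenever the header is present, but that header is supplied by the client unless a reverse proxy in front of the application overwrites it, so any requester can choose the address recorded for a payment request. Only use it when `REMOTE_ADDR` is a configured reverse-proxy address and the value passes `filter_var($ip, FILTER_VALIDATE_IP)`, otherwise fall back to `$_SERVER['REMOTE_ADDR']`; a comment such as `// X-Real-IP is only trustworthy behind a proxy that sets it unconditionally` would record the assumption. The `getAuthor()` docblock on `CPaymentService` says HTML is allowed, which means the renderer must trust every payment-service module it loads; stating `// Rendered unescaped: load payment services only from trusted sources` there makes the trust boundary explicit. The two INSERTs look correctly escaped as written: strings go through `qstr()` and the numeric columns are bound with `%d`, which casts to int.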
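--- /dev/null
+++ b/web_upload/includes/SessionManager.php
@@ -0,0 +1,116 @@
+<?php
+class SessionManager {
+public static function startSession($name, $expires = 86400, $path = '/', $domain = null) {
+session_name($name . '_SB');
+
+$domain = isset($domain) ? $domain : $_SERVER['SERVER_NAME'];
+$secure = ($_SERVER['SERVER_PORT'] === 443) ? true : false;
+
+session_set_cookie_params($expires, $path, $domain, $secure, true);
+session_start();
+
+if (self::ValidateSession()) {
+if (!self::PreventHijacking()) {
+$_SESSION = [];
+self::regenerateSession();
+
+$_SESSION = [
+'user_agent' => hash('sha256', $_SERVER['HTTP_USER_AGENT']),
+'expires' => time() + $expires
+];
+} else if ((rand(1, 100) <= 10) && !isset($_POST['xajax'])) {
+self::regenerateSession();
+}
+}
+}
+
+public static function checkSession() {
+if (!isset($_SESSION['user_agent']))
+return false;
+
+if (!self::validateSession() || !self::preventHijacking()) {
+session_destroy();
+session_start();
+
+return false;
+}
+
+return true;
+}
+
+public static function closeWrite() {
+@session_write_close();
+}
+
+protected static function preventHijacking() {
+if (!isset($_SESSION['user_agent']))
+return false;
+
+if ($_SESSION['user_agent'] !== hash('sha256', $_SERVER['HTTP_USER_AGENT']))
+return false;
+
+return true;
+}
+
+protected static function regenerateSession() {
+$_SESSION['expires'] = time() + 10;
+
+session_regenerate_id(false);
+$newSession = session_id();
+
+self::closeWrite();
+session_id($newSession);
+session_start();
+unset($_SESSION['expires']);
+}
+
+protected static function validateSession() {
+return (
+!isset($_SESSION['expires']) ||
+$_SESSION['expires'] >= time()
+);
+}
+
+/**
+* @section CSRF
+*/
+public static function initCsrf() {
+if (isset($_SESSION['csrf']))
+return;
+
+$_SESSION['csrf'] = md5($_SESSION['user_agent']);
+$_SESSION['csrf_valid'] = time() + 45;
+}
+
+public static function getCsrfToken() {
+if (!isset($_SESSION['csrf']))
+self::initCsrf();
+return $_SESSION['csrf'];
+}
+
+public static function checkCsrf($where = INPUT_POST) {
+if (!isset($_SESSION['csrf']))
+return false;
+if ($_SESSION['csrf_valid'] <= time())
+return false;
+
+$valid = (self::getCsrfToken() == filter_input($where, '__sb_csrf', FILTER_SANITIZE_STRING));
+
+if ($valid)
+$_SESSION['csrf_valid'] = time() + 45;
+return $valud;
+}
+
+/**
+* @section Session Name
+*/
+public static function getSessionName() {
+if (defined('SB_SESSION')) {
+$session = constant('SB_SESSION');
+if (!empty($session))
+return $session;
+}
+
+return substr(md5($_SERVER['SERVER_NAME']), 0, 8);
+}
+}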
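Review bot: `checkCsrf()` ends with `return $valud;`, an undefined variable, so the method returns `null` on every call and the `$valid` it just computed is discarded; it should be `return $valid;`. The token itself is `md5($_SESSION['user_agent'])`, i.e. derived from the SHA-256 of the User-Agent header, which an attacker can know or guess, so it provides no CSRF protection; generate it with `$_SESSION['csrf'] = bin2hex(random_bytes(32));` and compare with `$valid = hash_equals(self::getCsrfToken(), (string) filter_input($where, '__sb_csrf'));` rather than `==` (note `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1). In `startSession()`, `$_SERVER['SERVER_PORT'] === 443` compares a string to an int and is always false, so the session cookie never receives the `secure` flag even over HTTPS; `(int) $_SERVER['SERVER_PORT'] === 443 || !empty($_SERVER['HTTPS'])` fixes that. `rand(1, 100)` on the periodic-regeneration path is harmless for its purpose, but `random_int(1, 100)` keeps the file's randomness consistently CSPRNG-backed.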
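--- /dev/null
+++ b/web_upload/includes/__loader.php
@@ -0,0 +1,13 @@
+<?php
+function RegisterDirForAutoload($dir = NULL) {
+if ($dir === NULL)
+$dirname = dirname(__FILE__);
+
+spl_autoload_register(function($className) use ($dir) {
+$className = str_replace('\\', '/', $className);
+$path = "$dir/$className.php";
+
+if (file_exists($path))
+require_once($path);
+});
+}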
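Review bot: `RegisterDirForAutoload()` stores the fallback directory in `$dirname` (`$dirname = dirname(__FILE__);`) while the closure captures `$dir`, so calling the function without an argument leaves `$dir` as `NULL` and every lookup becomes `"/ClassName.php"`, a path at the filesystem root; the fix is `$dir = dirname(__FILE__);`. Because the class name is spliced directly into the `require_once` path, it is also worth rejecting names containing anything other than letters, digits, underscore and backslash before building `$path`, so that a `class_exists()` call fed an untrusted string cannot escape `$dir`; whether any caller passes such input is not visible from this file.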
3 changes: 0 additions & 3 deletions web_upload/includes/classes/Autoloader.php
Expand Up @@ -38,9 +38,6 @@ private static function TriggerLoad($ClassName) {
$ClassPath = "{$DirPath}/{$ClassName}.php";
if (file_exists($ClassPath)) {
require($ClassPath);

if (is_callable([$ClassName, 'boot']))
call_user_func_array([$ClassName, 'boot'], []);
break;
}
}
11 changes: 0 additions & 11 deletions web_upload/includes/classes/Database.php
Expand Up @@ -19,17 +19,6 @@ public function Prepare($query) {
$this->Statement = new \DatabaseResult($this->PDO->prepare($query));
}

public function GetStatement($cleanup = true) {
if ($this->Statement === NULL)
throw new \LogicException('No one query has been prepared');

$Stmt = $this->Statement;
if ($cleanup)
$this->Statement = null;

return $Stmt;
}

public function BindData($name, $value, $type = NULL) {
if ($this->Statement === NULL)
throw new \LogicException('No one query has been prepared');
34 changes: 28 additions & 6 deletions web_upload/includes/system-functions.php
Expand Up @@ -1041,12 +1041,34 @@ function renderSteam2($accountId, $universe)
return "STEAM_" . $universe . ":" . ($accountId & 1) . ":" . ($accountId >> 1);
}

function SBDate($format, $timestamp = -1) {
TimeZone::setFormat($format);
if ($timestamp == -1)
$timestamp = time();

return TimeZone::FormatTime($timestamp);
function SBDate($format, $timestamp="")
{
if(version_compare(PHP_VERSION, "5") != -1)
{
if($GLOBALS['config']['config.summertime'] == "1")
{
$str = date("r", $timestamp);
$date = new DateTime($str);
$date->modify("+1 hour");
return $date->format($format);
}
else if(empty($timestamp))
return date($format);
}
else
{
if($GLOBALS['config']['config.summertime'] == "1") {
$summertime = 3600;
} else {
$summertime = 0;
}
if(empty($timestamp)) {
$timestamp = time() + SB_TIMEZONE*3600 + $summertime;
} else {
$timestamp = $timestamp + SB_TIMEZONE*3600 + $summertime;
}
}
return date($format, $timestamp);
}

/**
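Review bot: In the new `SBDate()`, when `config.summertime` is `"1"` and `$timestamp` is left at its default `""`, `date("r", $timestamp)` receives an empty string: on PHP 8 `date()` throws a `TypeError` for a non-numeric string, and on older releases it emits a warning and yields `null`, which `new DateTime(null)` then silently treats as "now", so the summertime path only works by accident. Normalise the default once at the top, `if (empty($timestamp)) $timestamp = time();`, which also makes the two later `empty($timestamp)` checks redundant. The `version_compare(PHP_VERSION, "5") != -1` test is true on every supported PHP, so the `else` branch with the `SB_TIMEZONE` offset is dead code; a comment saying so, or removing it, would stop a reader from assuming the timezone shift is still applied. Using `DateTimeImmutable` and `$date->modify("+1 hour")->format($format)` would also avoid mutating the object in place.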