Subversion Repositories webcp

Compare Revisions

Ignore whitespace Rev 495 → Rev 496

/trunk/bans.php
46,7 → 46,7
elseif (isset($_POST['input'], $_POST['unban-ip']))
{
$col = 'ip';
$val = ip2long($_POST['input']);
$val = ip2long(webcp_decrypt_ip($_POST['input']));
if (!$val)
{
$tpl->error = 'Malformed IP address.';
57,7 → 57,7
elseif (isset($_POST['input'], $_POST['unban-hdid']))
{
$col = 'hdid';
$hdid = explode('-', $_POST['input']);
$hdid = explode('-', webcp_decrypt_hdid($_POST['input']));
if (isset($hdid[1]))
{
$val = hexdec($hdid[0]) * 0x10000 + hexdec($hdid[1]);
73,7 → 73,7
$tpl->Execute('error');
exit;
}
$rows = webcp_db_execute("DELETE FROM bans WHERE $col = ? AND expires != 0", time(), $val);
$rows = webcp_db_execute("DELETE FROM bans WHERE $col = ?", $val);
$tpl->message = $rows ." ban(s) removed.";
break;
}
97,13 → 97,22
$ban['nouser'] = $ban['username']===null;
$ban['noip'] = $ban['ip']===null;
$ban['nohdid'] = $ban['hdid']===null;
$ban['ip_str'] = $ban['ip']===null?'-':long2ip($ban['ip']);
$ban['ip_str'] = $ban['ip']===null?'-':webcp_encrypt_ip(long2ip($ban['ip']));
$ban['setter'] = ucfirst($ban['setter']);
$ban['hdid_str'] = sprintf("%08x", (double)$ban['hdid']);
$ban['hdid_str'] = strtoupper(substr($ban['hdid_str'],0,4).'-'.substr($ban['hdid_str'],4,4));
$ban['hdid_str'] = $ban['hdid']===null?'-':$ban['hdid_str'];
if ($ban['expires'] == -1)
 
if (!is_null($ban['hdid']))
{
$ban['hdid_str'] = sprintf("%08x", (double)$ban['hdid']);
$ban['hdid_str'] = strtoupper(substr($ban['hdid_str'],0,4).'-'.substr($ban['hdid_str'],4,4));
$ban['hdid_str'] = webcp_encrypt_hdid($ban['hdid_str']);
}
else
{
$ban['hdid_str'] = '-';
}
 
if ($ban['expires'] <= 0)
{
$ban['remaining'] = '<b>Permanent</b>';
}
elseif ($ban['expires'] <= time())
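Review bot: The rewritten unban query in the third hunk, `DELETE FROM bans WHERE $col = ?`, now also deletes rows with `expires = 0`, which the fourth hunk renders as Permanent (`$ban['expires'] <= 0`), because the `AND expires != 0` filter was dropped together with the stray `time()` argument. If lifting a permanent ban is meant to need more than this form, keep the filter: `webcp_db_execute("DELETE FROM bans WHERE $col = ? AND expires != 0", $val)`. If the wider delete is intended, a one-line comment above the query saying that unban removes permanent bans too would keep the filter from being re-added later. All four hunks are cut from a larger block that starts and ends outside the view.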
/trunk/common.php
101,6 → 101,16
echo "Total execution time: $exectime ms";
}
 
function webcp_trunc($word, $len)
{
if (strlen($word) < $len + 3)
return $word;
 
return substr($word, 0, $len) . '...';
}
 
require 'ipcrypt.php';
 
if (!function_exists('hash'))
{
exit("Could not find the the hash PHP extension.");
480,7 → 490,7
$password = seose_str_hash($password, $seose_compat_key);
 
$password = hash('sha256',$salt.strtolower($_POST['username']).$password);
$checklogin = webcp_db_fetchall("SELECT username FROM accounts WHERE username = ? AND password = '$'", strtolower($_POST['username']), $password);
$checklogin = webcp_db_fetchall("SELECT username FROM accounts WHERE username = ? AND password = ?", strtolower($_POST['username']), $password);
if (empty($checklogin))
{
$tpl->message = "Login failed.";
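Review bot: `require 'ipcrypt.php';` in the first hunk is a bare relative include, so which file gets loaded depends on include_path and the working directory rather than on where common.php lives. Since that file now holds the code protecting player IPs, HDIDs and computer names, pin it with `require __DIR__ . '/ipcrypt.php';`. The `hash` extension is checked at load time right below, while the openssl check only runs inside get_ipcrypt_key() on first use, so a missing openssl extension surfaces mid-page instead of at startup. Both hunks are cut from code that continues outside the view.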
/trunk/config.php
58,6 → 58,12
// Leaving it unset will display only when there are less than 10,000 characters
//$showbankgold = false;
 
// Optional path to a key file to use for encrypting player information
// Should contain a number of random bytes (54 bytes) and not be made available via web
// A key will be automatically generated if the file is present but empty
// If not used, player IP addresses, computer names and HDIDs will be shown to all admins
//$ipcrypt = '/home/www-user/webcp-ipcrypt.key';
 
// Print debug info at the bottom of the page (never use this on live servers)
$DEBUG = false;
 
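Review bot: The comment asks for 54 random bytes, but get_ipcrypt_key() in ipcrypt.php generates `openssl_random_pseudo_bytes(56)`, so the documented and generated sizes disagree; `// Should contain 56 random bytes and must not be reachable via the web server` would match the code. The third comment line is also narrower than the code, which generates and writes a key when the file is missing as well as when it is empty. Because file_put_contents() creates that file with default permissions, the comment should also tell the operator to keep the path outside the document root and readable only by the web user.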
/trunk/gmaccount.php
34,9 → 34,13
}
$account = $account[0];
 
 
$account['regip'] = webcp_encrypt_ip($account['regip']);
$account['lastip'] = webcp_encrypt_ip($account['lastip']);
$account['hdid_str'] = sprintf("%08x", (double)$account['hdid']);
$account['hdid_str'] = strtoupper(substr($account['hdid_str'],0,4).'-'.substr($account['hdid_str'],4,4));
$account['hdid_str'] = webcp_encrypt_hdid($account['hdid_str']);
$account['computer'] = webcp_encrypt_computer($account['computer']);
$account['computer_str'] = webcp_trunc($account['computer'], 15);
$account['created_str'] = date('r', $account['created']);
$account['lastused_str'] = date('r', $account['lastused']);
 
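Review bot: `computer_str` is now the first 15 characters of the encrypted token, and that prefix depends only on the first eight bytes of the computer name. ipcrypt.php encrypts with a fixed all-zero IV, so, assuming 'blowfish' resolves to CBC mode as OpenSSL's alias does, names that share their first 8 bytes share their first ciphertext block. Machines whose names start with a common prefix will therefore all show the same `pc_…` label, and an admin can see which accounts share a name prefix. For tokens, build the label from the end of the string instead, e.g. `substr($account['computer'], -12)`, since the last block depends on every earlier one, and keep webcp_trunc() for the unencrypted case. The same applies to the loop in search.php.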
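--- a/trunk/ipcrypt.php
+++ b/trunk/ipcrypt.php
@@ -0,0 +1,202 @@
+<?php
+
+function get_ipcrypt_key($ipcrypt)
+{
+if (!function_exists('openssl_encrypt'))
+exit("Could not find the the openssl PHP extension.");
+
+if (!isset($ipcrypt_key))
+{
+$ipcrypt_key = '';
+
+if (is_file($ipcrypt))
+$ipcrypt_key = file_get_contents($ipcrypt);
+
+if (strlen($ipcrypt_key) == 0)
+{
+$ipcrypt_key = openssl_random_pseudo_bytes(56);
+if (!file_put_contents($ipcrypt, $ipcrypt_key))
+{
+exit("Can't write generated ipcrypt key");
+}
+}
+}
+}
+
+function webcp_encrypt_ip($ip)
+{
+global $ipcrypt;
+global $ipcrypt_key;
+
+if (empty($ipcrypt))
+return $ip;
+
+$ipcrypt_key = get_ipcrypt_key($ipcrypt);
+
+$ip_dec = inet_pton($ip);
+
+if (is_numeric($ip))
+$ipbytes = pack('N', $ip);
+else if ($ip_dec !== false)
+$ipbytes = $ip_dec;
+else
+return "BADIP";
+
+if (strlen($ipbytes) >= 8)
+$ipbytes = substr($ipbytes, 0, 8);
+
+$cyphertext = openssl_encrypt($ipbytes, 'blowfish', $ipcrypt, 0, "\x0\x0\x0\x0\x0\x0\x0\x0");
+
+return 'ip_' . base64_encode($cyphertext);
+}
+
+function webcp_encrypt_hdid($hdid)
+{
+global $ipcrypt;
+global $ipcrypt_key;
+
+if (empty($ipcrypt))
+return $hdid;
+
+$ipcrypt_key = get_ipcrypt_key($ipcrypt);
+
+$hdid_parts = explode('-', $hdid);
+
+if (isset($hdid_parts[1]))
+{
+$hdid_dec = intval(hexdec($hdid_parts[0]) * 0x10000 + hexdec($hdid_parts[1]));
+
+if ($hdid_dec > 0x7FFFFFFF)
+$hdid_dec = -0x100000000 + $hdid_dec;
+}
+else
+{
+$hdid_dec = false;
+}
+
+if (is_numeric($hdid))
+$ipbytes = pack('N', $hdid);
+else if ($hdid_dec !== false)
+$ipbytes = pack('N', $hdid_dec);
+else
+return "BADHDID";
+
+if (strlen($ipbytes) >= 4)
+$ipbytes = substr($ipbytes, 0, 4);
+
+$cyphertext = openssl_encrypt($ipbytes, 'blowfish', $ipcrypt, 0, "\x0\x0\x0\x0\x0\x0\x0\x0");
+
+return 'hd_' . base64_encode($cyphertext);
+}
+
+function webcp_encrypt_computer($computer)
+{
+global $ipcrypt;
+global $ipcrypt_key;
+
+if (empty($ipcrypt))
+return $hdid;
+
+$ipcrypt_key = get_ipcrypt_key($ipcrypt);
+
+$ipbytes = $computer;
+
+if (strlen($ipbytes) >= 16)
+$ipbytes = substr($ipbytes, 0, 16);
+else
+$ipbytes = $ipbytes . str_repeat(' ', 16 - strlen($ipbytes));
+
+$cyphertext = openssl_encrypt($ipbytes, 'blowfish', $ipcrypt, 0, "\x0\x0\x0\x0\x0\x0\x0\x0");
+
+return 'pc_' . substr(base64_encode($cyphertext), 0, -1);
+}
+
+function webcp_decrypt_ip($ip)
+{
+global $ipcrypt;
+global $ipcrypt_key;
+
+if (empty($ipcrypt))
+return $ip;
+
+$ipcrypt_key = get_ipcrypt_key($ipcrypt);
+
+if (substr($ip, 0, 3) == 'ip_')
+{
+if (strlen($ip) == 19 && strlen(base64_decode(substr($ip, 3))) == 12)
+{
+$plaintext = openssl_decrypt(base64_decode(substr($ip, 3)), 'blowfish', $ipcrypt, 0, "\x0\x0\x0\x0\x0\x0\x0\x0");
+
+if ($plaintext === false || strlen($plaintext) == 0)
+return 'IPBAD';
+
+return long2ip(unpack('N', $plaintext)[1]);
+}
+else if (strlen($ip) == 35 && strlen(base64_decode(substr($ip, 3))) == 24)
+{
+$plaintext = openssl_decrypt(base64_decode(substr($ip, 3)), 'blowfish', $ipcrypt, 0, "\x0\x0\x0\x0\x0\x0\x0\x0");
+
+if ($plaintext === false || strlen($plaintext) == 0)
+return 'IPBAD';
+
+return inet_ntop($plaintext . "\x0\x0\x0\x0\x0\x0\x0\x0");
+}
+}
+return 'IPBAD';
+}
+
+function webcp_decrypt_hdid($ip)
+{
+global $ipcrypt;
+global $ipcrypt_key;
+
+if (empty($ipcrypt))
+return $ip;
+
+$ipcrypt_key = get_ipcrypt_key($ipcrypt);
+
+if (substr($ip, 0, 3) == 'hd_')
+{
+if (strlen($ip) == 19 && strlen(base64_decode(substr($ip, 3))) == 12)
+{
+$plaintext = openssl_decrypt(base64_decode(substr($ip, 3)), 'blowfish', $ipcrypt, 0, "\x0\x0\x0\x0\x0\x0\x0\x0");
+
+if ($plaintext === false || strlen($plaintext) == 0)
+return 'HDIDBAD';
+
+$result = sprintf("%08x", unpack('N', $plaintext)[1]);
+$result = strtoupper(substr($result,0,4).'-'.substr($result,4,4));
+return $result;
+}
+}
+
+return 'HDIDBAD';
+}
+
+function webcp_decrypt_computer($ip)
+{
+global $ipcrypt;
+global $ipcrypt_key;
+
+if (empty($ipcrypt))
+return $ip;
+
+$ipcrypt_key = get_ipcrypt_key($ipcrypt);
+
+if (substr($ip, 0, 3) == 'pc_')
+{
+if (strlen($ip) == 46 && strlen(base64_decode(substr($ip, 3) . '=')) == 32)
+{
+$plaintext = openssl_decrypt(base64_decode(substr($ip, 3) . '='), 'blowfish', $ipcrypt, 0, "\x0\x0\x0\x0\x0\x0\x0\x0");
+
+if ($plaintext === false || strlen($plaintext) == 0)
+return 'COMPUTERBAD';
+
+return $plaintext;
+}
+}
+return 'COMPUTERBAD';
+}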
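Review bot: The key file is never used as the key: get_ipcrypt_key() ends without a `return`, so every `$ipcrypt_key = get_ipcrypt_key($ipcrypt);` assigns null, and all six helpers pass `$ipcrypt` (the configured file path) to openssl_encrypt()/openssl_decrypt(), making the path string the effective Blowfish key. The `isset($ipcrypt_key)` test is on a fresh local, so the file is also re-read on every call. Return the key from a `static` cache as sketched below and change the calls to `openssl_encrypt($ipbytes, 'blowfish', $ipcrypt_key, 0, "\x0\x0\x0\x0\x0\x0\x0\x0")` (likewise for decrypt); tokens issued before the fix will stop decrypting. Separately, webcp_encrypt_computer() does `return $hdid;` when `$ipcrypt` is empty, which is an undefined variable there and should be `return $computer;`.

```php
function get_ipcrypt_key($ipcrypt)
{
    // Cached for the rest of the request; a plain local is unset on every call.
    static $ipcrypt_key = null;

    // … unchanged: openssl extension check …

    if ($ipcrypt_key === null)
    {
        $ipcrypt_key = is_file($ipcrypt) ? (string)file_get_contents($ipcrypt) : '';

        if (strlen($ipcrypt_key) == 0)
        {
            // … unchanged: generate 56 bytes, write them to $ipcrypt, exit on failure …
            chmod($ipcrypt, 0600); // key file should not be readable by other local users
        }
    }

    return $ipcrypt_key;
}
```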
/trunk/search.php
34,6 → 34,15
 
if (isset($_GET['username'],$_GET['computer'],$_GET['hdid'],$_GET['ip']))
{
if ($_GET['computer'] != '%')
$_GET['computer'] = webcp_decrypt_computer($_GET['computer']);
 
if ($_GET['hdid'] != '')
$_GET['hdid'] = webcp_decrypt_hdid($_GET['hdid']);
 
if ($_GET['ip'] != '')
$_GET['ip'] = webcp_decrypt_ip($_GET['ip']);
 
$hdid = explode('-', $_GET['hdid']);
if (isset($hdid[1]))
{
59,7 → 68,7
}
 
$username = strtolower($_GET['username']);
$computer = strtoupper($_GET['computer']);
$computer = strtoupper(rtrim($_GET['computer']));
 
$count = webcp_db_fetchall("SELECT COUNT(1) as count FROM accounts WHERE username LIKE ? AND computer LIKE ?$hdidq$ipq", $username, $computer);
$count = $count[0]['count'];
88,8 → 97,11
 
foreach ($accounts as &$account)
{
$account['computer'] = webcp_encrypt_computer($account['computer']);
$account['computer_str'] = webcp_trunc($account['computer'], 15);
$account['hdid_str'] = sprintf("%08x", (double)$account['hdid']);
$account['hdid_str'] = strtoupper(substr($account['hdid_str'],0,4).'-'.substr($account['hdid_str'],4,4));
$account['hdid_str'] = webcp_encrypt_hdid($account['hdid_str']);
$acclistq .= "account = ? OR ";
$acclistqa[] = $account['username'];
}
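Review bot: The three decrypt calls in the first hunk write their result straight back into `$_GET`, and on failure that result is a sentinel string ('COMPUTERBAD', 'HDIDBAD' or 'IPBAD' in ipcrypt.php). The computer value is then bound to `computer LIKE ?` in the second hunk as if it were a search term, and the hdid/ip values presumably feed `$hdidq`/`$ipq` the same way. A rejected token should stop the request instead of running a search for the literal sentinel, e.g. `if ($_GET['computer'] === 'COMPUTERBAD') { $tpl->error = 'Malformed search token.'; ... }` in the style bans.php uses for a bad IP. Also, with `$ipcrypt` set, any computer pattern other than the bare `%` is treated as a token, so partial-name wildcard searches stop working; if that is intended, a comment should say so. The surrounding `if` and `foreach` bodies continue outside the hunks.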
/trunk/tpl/green/account.htm
12,7 → 12,7
<th colspan="2"><[~account.username]>
 
<tbody>
<tr><th>Computer Name<td><a href="search<[php]>?searchtype=account&computer=<[~account.computer]>&csrf=<[csrf]>"><[~account.computer]></a>
<tr><th>Computer Name<td><a href="search<[php]>?searchtype=account&computer=<[~account.computer]>&csrf=<[csrf]>"><[~account.computer_str]></a>
 
<tr><th>HDID<td><a href="search<[php]>?searchtype=account&hdid=<[account.hdid_str]>&csrf=<[csrf]>"><[account.hdid_str]></a>
 
/trunk/tpl/green/accsearch_results.htm
31,7 → 31,7
<[if acc.characters]> )<[endif]>
 
 
<td><a href="search<[php]>?searchtype=account&computer=<[~acc.computer]>&csrf=<[csrf]>"><[~acc.computer]></a>
<td><a href="search<[php]>?searchtype=account&computer=<[~acc.computer]>&csrf=<[csrf]>"><[~acc.computer_str]></a>
 
<td><a href="search<[php]>?searchtype=account&hdid=<[acc.hdid_str]>&csrf=<[csrf]>"><[acc.hdid_str]></a>