
Re: [Tool] AdminServ 2.1.0

Posted: 17 Oct 2014, 13:08
by undef.de
toffe wrote: This will patch most problems for using the file disclosure, I'm not sure if it helps for all attacks but will keep the easy ones away!
I use http://phpids.org/ in several projects, works nice.

Re: [Tool] AdminServ 2.1.0

Posted: 17 Oct 2014, 15:34
by Kev717
Hi,
No problem with continuing the development of my tool :thumbsup:
But maybe you should create a new post to edit the first page.

Kev'

Re: [Tool] AdminServ 2.1.0

Posted: 17 Oct 2014, 17:12
by Xymph
undef.de wrote:I use https://phpids.org/ in several projects, works nice.
Firefox warns: "This Connection is Untrusted". :roll: They should use a valid, CA-signed certificate, or stick to plain http.

Re: [Tool] AdminServ 2.1.0

Posted: 17 Oct 2014, 17:16
by undef.de
Xymph wrote:
undef.de wrote:I use https://phpids.org/ in several projects, works nice.
Firefox warns: "This Connection is Untrusted". :roll: They should use a valid, CA-signed certificate, or stick to plain http.
True (using an outdated cert :lol: ), changed my link from https to http which is served too.

Re: [Tool] AdminServ 2.1.0

Posted: 17 Oct 2014, 17:42
by Xymph
undef.de wrote:
Xymph wrote:
undef.de wrote:I use https://phpids.org/ in several projects, works nice.
Firefox warns: "This Connection is Untrusted". :roll: They should use a valid, CA-signed certificate, or stick to plain http.
True (using an outdated cert :lol: ), changed my link from https to http which is served too.
Any menu link is hardcoded to https (or redirects to use that), so the same problem persists when browsing much of the site.

Re: [Tool] AdminServ 2.1.0

Posted: 17 Oct 2014, 18:28
by Chris92
toffe wrote:Thanks for sharing chris!
It's such a user friendly tool. Maybe a good idea to open up a github or something for it? (or maybe there is already?)


Toffe
Aye, there is: http://github.com/Chris92de/AdminServ
Feel free to send pull requests =)
EDIT: Let's move on to the new thread as I do intend to keep this thread intact as is :) http://forum.maniaplanet.com/viewtopic. ... 09&start=0

Re: [Tool] AdminServ 2.1.0

Posted: 21 Oct 2014, 19:35
by niarfman
I have updated my own adminserv for displaying Karma from ManiaControl Database for each map in "Map List".
You can set a database per server (Maniacontrol is also able to manage several servers within a single database).

This version is not connecting to MX servers.

The modification looks like :
Image

The only things to change are :

a Server entry example in config/servers.cfg

Code:

		'Lvx_EliteLobby' => array(
			'address'       => 'localhost',
			'port'          => 5000,
			'mapsbasepath'  => 'MyTeam/MyServer',
			'matchsettings' => 'MatchSettings/MyServer.txt',
			'adminlevel'    => array('SuperAdmin' => 'all', 'Admin' => 'all', 'User' => 'all'),
			'ManiaControl_mysql_host'	=> 'localhost',
			'ManiaControl_mysql_user'	=> 'dbuser',
			'ManiaControl_mysql_pass'	=> 'dbpass',
			'ManiaControl_mysql_db'	=> 'dbname'
		),
in resources/js/adminserv_funct.js (function getCurrentServerInfo):

Code:

/**
* Retrieves the current server information (map, server, stats, players)
*/
function getCurrentServerInfo(mode, sort){
	var path_ressources = getResourcesPath();
	if(!mode){
		mode = getMode();
	}
	if(sort){
		setCurrentSort(sort);
	}
	var isTeamGameMode = $('#isTeamGameMode').val();
	
	$.getJSON(getResourcesPath()+'ajax/get_current_serverinfo.php', {mode: mode, sort: sort}, function(data){
		if(data != null){
			// Map
			if(data.map != null){
				$('#map_name').html(data.map.name);
				$('#map_author').html(data.map.author);
				$('#map_karma').html(data.map.karma);
				$('#map_enviro').html(data.map.enviro+'<img src="'+path_ressources+'images/env/'+data.map.enviro.toLowerCase()+'.png" alt="" />');
				$('#map_uid').html(data.map.uid);
				if(data.srv.gameModeScriptName){
					var gameModeName = data.srv.gameModeScriptName+' <span class="scriptName">('+data.srv.gameModeName+')</span>';
				}else{
					var gameModeName = data.srv.gameModeName;
				}
				$('#map_gamemode').html(gameModeName).attr('class', '').addClass('value '+data.srv.gameModeName.toLowerCase() );
				if(data.map.thumb){
					$('#map_thumbnail').html('<img src="data:image/jpeg;base64,'+data.map.thumb+'" alt="'+$('#map_thumbnail').data('text-thumbnail')+'" />');
				}
				if(data.map.scores){
					$('#ScoreTeamBlue').val(data.map.scores.blue);
					$('#ScoreTeamRed').val(data.map.scores.red);
				}
			}
			
			// Server
			if(data.srv != null){
				$('#server_name').html(data.srv.name);
				$('#server_status').html(data.srv.status);
			}
			
			// Stats
			if(data.net != null){
				$('#network_uptime').html(data.net.uptime);
				$('#network_nbrconnection').html(data.net.nbrconnection);
				$('#network_meanconnectiontime').html(data.net.meanconnectiontime);
				$('#network_meannbrplayer').html(data.net.meannbrplayer);
				$('#network_recvnetrate').html(data.net.recvnetrate);
				$('#network_sendnetrate').html(data.net.sendnetrate);
				$('#network_totalreceivingsize').html(data.net.totalreceivingsize);
				$('#network_totalsendingsize').html(data.net.totalsendingsize);
			}
			
			// Players
			if(data.ply != null && !$('#playerlist').isChecked() ){
				var out = '';
				
				// Build the table
				out += '<tr class="table-separation"><td colspan="'; if(isTeamGameMode){ out += '6'; }else{ out += '5'; } out += '"></td></tr>';
				if( typeof(data.ply) == 'object' ){
					$.each(data.ply, function(i, player){
						out += '<tr class="'; if(i%2){ out += 'even'; }else{ out += 'odd'; } out += '">';
							if(isTeamGameMode && mode == 'detail'){
								out += '<td class="detailModeTd imgleft"><span class="team_'+player.TeamId+'" title="'+player.TeamName+'">&nbsp;</span>'+player.TeamName+'</td>';
							}
							out += '<td class="imgleft"><img src="'+path_ressources+'images/16/solo.png" alt="" />'+player.NickName+'</td>';
							if( !isTeamGameMode && mode == "detail" ){
								out += '<td class="imgleft"><img src="'+path_ressources+'images/16/leagueladder.png" alt="" />'+player.LadderRanking+'</td>';
							}
							out += '<td>'+player.Login+'</td>'
							+'<td>'+player.PlayerStatus+'</td>'
							+'<td class="checkbox"><input type="checkbox" name="player[]" value="'+player.Login+'" /></td>'
						+'</tr>';
					});
					
					if( $('#checkAll').attr('disabled') ){
						$('#checkAll').prop('disabled', false);
					}
				}
				else{
					if( !$('#checkAll').attr('disabled') ){
						$('#checkAll').prop('disabled', true);
					}
					out += '<tr class="no-line"><td class="center" colspan="'; if(isTeamGameMode){ out += '6'; }else{ out += '5'; } out += '">'+data.ply+'</td></tr>';
				}
				
				// HTML
				$('#playerlist table tbody').html(out);
				$('.cadre.right .options .nb-line').html(data.nbp);
				if( $('#playerlist').hasClass('loading') ){
					$('#playerlist').removeClass('loading');
				}
			}
		}
	});
}
in resources/js/adminserv_funct.js (function getMapList):

Code:

/**
* Retrieves the server's map list
*/
function getMapList(mode, sort){
	var path_ressources = getResourcesPath();
	if(!mode){
		mode = getMode();
	}
	if(sort){
		setCurrentSort(sort);
	}
	
	$.getJSON(getResourcesPath()+'ajax/get_maplist.php', {mode: mode, sort: sort}, function(data){
		if(data != null){
			if(data.lst != null && !$('#maplist').isChecked() ){
				var out = '';
				
				// Build the table
				out += '<tr class="table-separation"><td colspan="6"></td></tr>';
				if( typeof(data.lst) == 'object' ){
					$.each(data.lst, function(i, map){
						out += '<tr'; if(data.cid == i){ out += ' id="currentMap"'; } out += ' class="'; if(i%2){ out += 'even'; }else{ out += 'odd'; } if(data.cid == i){ out += ' current'; } out += '">'
							+'<td class="imgleft"><img src="'+path_ressources+'images/16/map.png" alt="" />'
								+'<span title="'+map.FileName+'">'+map.Name+'</span>'
								if(mode == 'detail'){
									out += '<span class="detailModeTd">'+map.UId+'</span>';
								}
							out += '</td>'
							+'<td>'+map.karma+'</td>'
							+'<td class="imgcenter"><img src="'+path_ressources+'images/env/'+map.Environment.toLowerCase()+'.png" alt="" />'+map.Environment+'</td>'
							+'<td>'+map.Author+'</td>';
							if(mode == 'detail'){
								out += '<td>'+map.GoldTime+'</td>'
								+'<td>'+map.CopperPrice+'</td>';
							}
							out += '<td class="checkbox">'; if(data.cid != i){ out += '<input type="checkbox" name="map[]" value="'+map.FileName+'" />'; } out += '</td>'
						+'</tr>';
					});
					
					if( $('#checkAll').attr('disabled') ){
						$('#checkAll').prop('disabled', false);
					}
				}
				else{
					if( !$('#checkAll').attr('disabled') ){
						$('#checkAll').prop('disabled', true);
					}
					out += '<tr class="no-line"><td class="center" colspan="6">'+data.lst+'</td></tr>';
				}
				
				// HTML
				$('#maplist table tbody').html(out);
				$('.cadre.right .options .nb-line').html(data.nbm.count+' '+data.nbm.title);
				if( $('#maplist').hasClass('loading') ){
					$('#maplist').removeClass('loading');
				}
			}
		}
	});
}
in resources/templates/maps-list.tpl.php:

Code:

<?php
	// GAME
	if(SERVER_VERSION_NAME == 'TmForever'){
		$queries = array(
			'removeMap' => 'RemoveChallengeList',
			'chooseNextMap' => 'ChooseNextChallengeList'
		);
	}
	else{
		$queries = array(
			'removeMap' => 'RemoveMapList',
			'chooseNextMap' => 'ChooseNextMapList'
		);
	}
	$redirect=false;
	
	// ACTIONS
	if( isset($_POST['removeMap']) && isset($_POST['map']) && count($_POST['map']) > 0 ){
		if( !$client->query($queries['removeMap'], $_POST['map']) ){
			AdminServ::error();
		}
		else{
			AdminServLogs::add('action', 'Remove map ('.count($_POST['map']).')');
			$redirect=true;
		}
	}
	else if( isset($_POST['chooseNextMap']) && isset($_POST['map']) && count($_POST['map']) > 0 ){
		if( !$client->query($queries['chooseNextMap'], $_POST['map']) ){
			AdminServ::error();
		}
		else{
			AdminServLogs::add('action', 'Choose next map ('.count($_POST['map']).')');
			$redirect=true;
		}
	}

	if ($redirect){
		Utils::redirection(false, '?p='.USER_PAGE);
	}
	
	// MAPLIST
	$data['maps'] = AdminServ::getMapList();
?>
resources/ajax/get_maplist.php :

Code:

<?php
	// INCLUDES
	session_start();
	if( !isset($_SESSION['adminserv']['sid']) ){ exit; }
	$configPath = '../../'.$_SESSION['adminserv']['path'].'config/';
	require_once $configPath.'adminlevel.cfg.php';
	require_once $configPath.'adminserv.cfg.php';
	require_once $configPath.'extension.cfg.php';
	require_once $configPath.'servers.cfg.php';
	require_once '../core/adminserv.php';
	AdminServConfig::$PATH_RESOURCES = '../';
	AdminServ::getClass();
	AdminServUI::lang();
	
	// ISSET
	if( isset($_GET['mode']) ){ $mode = addslashes($_GET['mode']); }else{ $mode = null; }
	if( isset($_GET['sort']) ){ $sort = addslashes($_GET['sort']); }else{ $sort = null; }
	if($mode){
		$_SESSION['adminserv']['mode']['maps'] = $mode;
	}
	
	// DATA
	if( AdminServ::initialize() ){
		$out = AdminServ::getMapList($sort);
	}

	//Niarfman Karma research
	$db = new mysqli(SERVER_MANIACONTROL_MYSQL_HOST, SERVER_MANIACONTROL_MYSQL_USER, SERVER_MANIACONTROL_MYSQL_PASS, SERVER_MANIACONTROL_MYSQL_DB);

	if($db->connect_errno > 0){
		die('Unable to connect to database [' . $db->connect_error . ']');
	}
	
	
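	// Prepared once; the map UId is bound as a parameter instead of being concatenated into the SQL
	$sql = 'SELECT name, AVG(vote) AS avg_vote, COUNT(name) AS nb_votes FROM `mc_karma` INNER JOIN `mc_maps`  ON `mc_maps`.`index` = `mc_karma`.`mapIndex` GROUP BY `mc_maps`.`uid` HAVING `mc_maps`.`uid` = ?';
	if(!$stmt = $db->prepare($sql)){
		die('There was an error running the query [' . $db->error . ']');
	}
	
	// $out['lst'] is a message string instead of an array when the server has no map
	if( isset($out['lst']) && is_array($out['lst']) ){
		foreach ($out['lst'] as $key => $map)
		{
			$uid = $map['UId'];
			$stmt->bind_param('s', $uid);
			if(!$stmt->execute()){
				die('There was an error running the query [' . $stmt->error . ']');
			}
			
			// The query returns at most one row per map UId
			$stmt->bind_result($karmaName, $avgVote, $nbVotes);
			if($stmt->fetch())
			{
				$out['lst'][$key]['karma']=round($avgVote*100,2) . '% - ' .$nbVotes .' vote(s)';
			}
			else
			{
				$out['lst'][$key]['karma']="No Vote";
			}
			$stmt->free_result();
		}
	}
	
	$stmt->close();
	$db->close();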
	
	// OUT
	$client->Terminate();
	echo json_encode($out);
?>
in resources/core/adminserv.php (function getMapList):

Code:

	/**
	* Retrieves the list of maps on the server
	*
	* @global resource $client -> The client must be initialized
	* @param  string   $sortBy -> Sort to apply to the list
	* @return array
	*/
	public static function getMapList($sortBy = null){
		global $client;
		$out = array();
		
		// Methods
		if(SERVER_VERSION_NAME == 'TmForever'){
			$queryName = array(
				'mapList' => 'GetChallengeList',
				'mapIndex' => 'GetCurrentChallengeIndex'
			);
		}
		else{
			$queryName = array(
				'mapList' => 'GetMapList',
				'mapIndex' => 'GetCurrentMapIndex'
			);
		}
		
		// MAPSLIST
		if( !$client->query($queryName['mapList'], AdminServConfig::LIMIT_MAPS_LIST, 0) ){
			$out['error'] = Utils::t('Client not initialized');
		}
		else{
			$mapList = $client->getResponse();
			$countMapList = count($mapList);
			$client->query($queryName['mapIndex']);
			$out['cid'] = $client->getResponse();
			
			if( $countMapList > 0 ){
				$i = 0;
				
				//Niarfman Karma research - DB Connection
				$db = new mysqli(SERVER_MANIACONTROL_MYSQL_HOST, SERVER_MANIACONTROL_MYSQL_USER, SERVER_MANIACONTROL_MYSQL_PASS, SERVER_MANIACONTROL_MYSQL_DB);
				
				// Prepare the karma query once; the map UId is bound as a parameter for each map
				$stmt = null;
				if($db->connect_errno == 0){
					$sql = 'SELECT name, AVG(vote) AS avg_vote, COUNT(name) AS nb_votes FROM `mc_karma` INNER JOIN `mc_maps`  ON `mc_maps`.`index` = `mc_karma`.`mapIndex` GROUP BY `mc_maps`.`uid` HAVING `mc_maps`.`uid` = ?';
					if(!$stmt = $db->prepare($sql)){
						die('There was an error running the query [' . $db->error . ']');
					}
				}
				$IsDBConnect = ($stmt !== null);
				
				foreach($mapList as $map){
					// Name
					$name = htmlspecialchars($map['Name'], ENT_QUOTES, 'UTF-8');
					$out['lst'][$i]['Name'] = TmNick::toHtml($name, 10, true);
					
					// Environment
					$env = $map['Environnement'];
					if($env == 'Speed'){ $env = 'Desert'; }else if($env == 'Alpine'){ $env = 'Snow'; }
					$out['lst'][$i]['Environment'] = $env;
					
					//Niarfman Karma research
					if($IsDBConnect){
						$uid = $map['UId'];
						$stmt->bind_param('s', $uid);
						if(!$stmt->execute()){
							die('There was an error running the query [' . $stmt->error . ']');
						}
						
						// The query returns at most one row per map UId
						$stmt->bind_result($karmaName, $avgVote, $nbVotes);
						if($stmt->fetch())
						{
							$karma=round($avgVote*100,2) . '% - ' .$nbVotes .' vote(s)';
						}
						else
						{
							$karma="No Vote";
						}
						$stmt->free_result();
					}
					else{
						$karma="No Database Set";
					}
					
					
					// Other fields
					$out['lst'][$i]['UId'] = $map['UId'];
					$out['lst'][$i]['FileName'] = $map['FileName'];
					$out['lst'][$i]['Author'] = $map['Author'];
					$out['lst'][$i]['GoldTime'] = TimeDate::format($map['GoldTime']);
					$out['lst'][$i]['CopperPrice'] = $map['CopperPrice'];
					$out['lst'][$i]['karma']=$karma;
					if(SERVER_VERSION_NAME == 'ManiaPlanet'){
						$out['lst'][$i]['Type']['Name'] = self::formatScriptName($map['MapType']);
						$out['lst'][$i]['Type']['FullName'] = $map['MapType'];
						$out['lst'][$i]['Style']['Name'] = self::formatScriptName($map['MapStyle']);
						$out['lst'][$i]['Style']['FullName'] = $map['MapStyle'];
					}
					$i++;
				}
				$db->close();				
			}
			
			// Number of maps
			$out += self::getNbMaps($out);
			if($out['nbm']['count'] == 0){
				$out['lst'] = Utils::t('No map');
			}
			
			
			// SORT
			if($sortBy != null){
				if( is_array($out['lst']) && count($out['lst']) > 0 ){
					switch($sortBy){
						case 'name':
							uasort($out['lst'], 'AdminServSort::sortByName');
							break;
						case 'env':
							uasort($out['lst'], 'AdminServSort::sortByEnviro');
							break;
						case 'author':
							uasort($out['lst'], 'AdminServSort::sortByAuthor');
							break;
						case 'goldtime':
							uasort($out['lst'], 'AdminServSort::sortByGoldTime');
							break;
						case 'cost':
							uasort($out['lst'], 'AdminServSort::sortByPrice');
							break;
					}
				}
				$out['lst'] = array_values($out['lst']);
			}
		}
		
		return $out;
	}
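
In the post above, getMapList() in adminserv.php runs only Name through htmlspecialchars, while the JavaScript row builder concatenates FileName, UId and Author straight into markup. The following is an added example, not part of the original post or of AdminServ, showing the same map-list row built with those fields escaped; escapeHtml, safeEnvironment and renderMapRow are hypothetical names and the sample item is constructed.

```javascript
// Escape text for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, function (ch) {
    return { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[ch];
  });
}

// Environment is used in an image path, so accept only letters and digits.
function safeEnvironment(env) {
  return /^[A-Za-z0-9]+$/.test(String(env)) ? String(env) : 'unknown';
}

// Hypothetical helper (not in AdminServ): builds one <tr> from a get_maplist.php item.
// map.Name stays raw because the server already sends it as HTML
// (htmlspecialchars + TmNick::toHtml); all other fields are treated as plain text.
function renderMapRow(map, index, currentIndex, mode, resourcesPath) {
  var isCurrent = (currentIndex == index); // loose comparison, as in the posted code
  var env = safeEnvironment(map.Environment);
  var base = escapeHtml(resourcesPath);
  var out = '<tr' + (isCurrent ? ' id="currentMap"' : '')
    + ' class="' + (index % 2 ? 'even' : 'odd') + (isCurrent ? ' current' : '') + '">'
    + '<td class="imgleft"><img src="' + base + 'images/16/map.png" alt="" />'
    + '<span title="' + escapeHtml(map.FileName) + '">' + map.Name + '</span>';
  if (mode === 'detail') {
    out += '<span class="detailModeTd">' + escapeHtml(map.UId) + '</span>';
  }
  out += '</td><td>' + escapeHtml(map.karma) + '</td>'
    + '<td class="imgcenter"><img src="' + base + 'images/env/'
    + env.toLowerCase() + '.png" alt="" />' + env + '</td>'
    + '<td>' + escapeHtml(map.Author) + '</td>';
  if (mode === 'detail') {
    out += '<td>' + escapeHtml(map.GoldTime) + '</td>'
      + '<td>' + escapeHtml(map.CopperPrice) + '</td>';
  }
  out += '<td class="checkbox">';
  if (!isCurrent) {
    out += '<input type="checkbox" name="map[]" value="' + escapeHtml(map.FileName) + '" />';
  }
  return out + '</td></tr>';
}

// Constructed sample item (not real server data) with markup characters in two fields.
var sampleMap = {
  Name: '<span style="color:#f00">Arena</span>', FileName: 'My"Maps/arena.Map.Gbx',
  UId: 'constructedUid01', Environment: 'Storm', Author: 'nick<b>bold</b>',
  GoldTime: '0:45.12', CopperPrice: 1200, karma: '75% - 4 vote(s)'
};
var sampleRow = renderMapRow(sampleMap, 1, 0, 'detail', './resources/');
console.log(sampleRow);
```

In the page itself the returned string would be appended to `out` inside the `$.each` loop in place of the inline concatenation.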

Re: [Tool] AdminServ 2.1.0

Posted: 22 Oct 2014, 16:48
by Chris92
Hello niarf,
I think it would be better writing this into a plugin that connects to MX directly via their API, so people are not required to run ManiaControl for this :)
I'd be happy to ship this with AdminServ 2.1.2 then :) Else I'm gonna see if I can get it implemented myself.

Re: [Tool] AdminServ 2.1.0

Posted: 22 Oct 2014, 18:19
by oliverde8
maybe do something generic if you have time, so that user can switch between Aseco ManiaControl for example? If it is generic I wouldn't mind making a pull request to add eXpansion support?

Re: [Tool] AdminServ 2.1.0

Posted: 22 Oct 2014, 18:38
by undef.de
Kev717 wrote: No problem with continuing the development of my tool :thumbsup:
But maybe you should create a new post to edit the first page.
oliverde8 wrote:maybe do something generic if you have time, so that user can switch between Aseco ManiaControl for example? If it is generic I wouldn't mind making a pull request to add eXpansion support?
Would it not be better to post such things/extension to the version which is under development?