From 0ef45a1491b9f1b639ae096cfc89e28d762e53e0 Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Sun, 19 Feb 2023 23:11:59 +0000 Subject: [PATCH 01/28] README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..2977ca6 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +This is the game server list program for BZFlag. + +It also includes weblogin.php for remote sites that use BZFlag forum logins. From 5290964daa686290bbecd542acd99ecb3e17f70c Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Sun, 19 Feb 2023 23:26:00 +0000 Subject: [PATCH 02/28] track nameport on LIST and checktokens, again --- bzfls.php | 16 ++++++++-------- listdb.class.php | 28 ++++++++++++++-------------- weblogin.php | 12 ++++++++++-- 3 files changed, 32 insertions(+), 24 deletions(-) diff --git a/bzfls.php b/bzfls.php index a06bf7d..a93ee32 100644 --- a/bzfls.php +++ b/bzfls.php @@ -373,7 +373,7 @@ function print_json_list(&$listing) } function authenticate_player($callsign, $password) { - global $db; + global $db, $nameport; // Clean up UTF-8 characters $clean_callsign = utf8_clean_string($callsign); @@ -388,7 +388,7 @@ function authenticate_player($callsign, $password) { //$player['token'] = bin2hex(random_bytes(16)); //$player['token'] = base64_encode(random_bytes(14)); debug ("OK token={$player['token']}", 2); - $db->setTokenInformationByUserID($player['user_id'], $player['token']); + $db->setTokenInformationByUserID($player['user_id'], $player['token'], $nameport); return $player; } else { 
@@ -469,9 +469,9 @@ function action_gettoken () { function checktoken($callsign, $ip, $token, $garray) { # validate player token for connecting player on a game server - global $db; + global $db, $nameport; # TODO add grouplist support - print("MSG: checktoken callsign=$callsign, ip=$ip, token=$token "); + print("MSG: checktoken callsign=$callsign, token=$token, nameport=$nameport, ip=$ip, "); foreach($garray as $group) { print(" group=$group"); } @@ -487,7 +487,7 @@ function checktoken($callsign, $ip, $token, $garray) { return; } - $playerid = $db->validateTokenInformation($clean_callsign, $token, $ip, $staletime); + $playerid = $db->validateTokenInformation($clean_callsign, $token, $ip, $staletime, $nameport); if ($playerid) { # clear tokendate so nasty game server admins can't login someplace else $db->clearTokenInformationByUserID($playerid); @@ -601,7 +601,7 @@ function action_add() { $serverips = gethostbynamel($servname); // Hostname must resolve to a single IPv4 address if ($serverips === FALSE || sizeof($serverips) != 1) { - print("ERROR: Provided hostname does not resolve to a single IPv4 address\n"); + print("ERROR: Provided hostname does not resolve to a single IPv4 address:".json_encode($serverips)."\n"); return; } @@ -668,7 +668,7 @@ function action_remove() { $serverips = gethostbynamel($servname); // Hostname must resolve to a single IPv4 address if ($serverips === FALSE || sizeof($serverips) != 1) { - print("ERROR: Provided hostname does not resolve to a single IPv4 address\n"); + print("ERROR: Provided hostname does not resolve to a single IPv4 address:".json_encode($serverips)."\n"); return; } 
@@ -703,7 +703,7 @@ function action_remove() { # TODO: Add a check for the $nameport variable here and add that to $values # ignore banned servers outright -if ($ban = IsBanned($values, $banlist, $isSilent)) { +if ($ban = IsBanned($values, $banlist)) { # reject the connection attempt header('Content-type: text/plain'); $remote_addr = $_SERVER['REMOTE_ADDR']; diff --git a/listdb.class.php b/listdb.class.php index d6d8ce3..c0a887d 100644 --- a/listdb.class.php +++ b/listdb.class.php @@ -152,7 +152,7 @@ function userExists($name) { } function getActiveForumUserByName($name) { - $statement = $this->link->prepare('SELECT user_id, user_password, username FROM bzflag_forum.bzbb3_users WHERE username_clean = ? AND user_inactive_reason = 0'); + $statement = $this->link->prepare('SELECT user_id, user_password, username FROM bzbb3_users WHERE username_clean = ? AND user_inactive_reason = 0'); if ($statement) { $statement->bind_param('s', $name); $statement->execute(); @@ -169,7 +169,7 @@ function getActiveForumUserByName($name) { } function getActiveForumUserByUserID($userid) { - $statement = $this->link->prepare('SELECT username, username_clean, user_password FROM bzflag_forum.bzbb3_users WHERE user_id = ? AND user_inactive_reason = 0'); + $statement = $this->link->prepare('SELECT username, username_clean, user_password FROM bzbb3_users WHERE user_id = ? AND user_inactive_reason = 0'); if ($statement) { $statement->bind_param('i', $userid); $statement->execute(); @@ -186,7 +186,7 @@ function getActiveForumUserByUserID($userid) { } function getActiveForumUsernameCleanByUserID($userid) { - $statement = $this->link->prepare('SELECT username_clean FROM bzflag_forum.bzbb3_users WHERE user_id = ? AND user_inactive_reason = 0'); + $statement = $this->link->prepare('SELECT username_clean FROM bzbb3_users WHERE user_id = ? AND user_inactive_reason = 0'); if ($statement) { $statement->bind_param('i', $userid); $statement->execute(); 
@@ -203,7 +203,7 @@ function getActiveForumUsernameCleanByUserID($userid) { } function getGroupMembershipsByUserID($userid) { - $statement = $this->link->prepare("SELECT g.group_name FROM bzflag_forum.bzbb3_groups g, bzflag_forum.bzbb3_user_group ug WHERE ug.user_id = ? AND ug.group_id = g.group_id AND ug.user_pending = 0 AND NOT (g.group_skip_auth = 1 AND ug.group_leader = 1)"); + $statement = $this->link->prepare("SELECT g.group_name FROM bzbb3_groups g, bzbb3_user_group ug WHERE ug.user_id = ? AND ug.group_id = g.group_id AND ug.user_pending = 0 AND NOT (g.group_skip_auth = 1 AND ug.group_leader = 1)"); if ($statement) { $statement->bind_param('i', $userid); $statement->execute(); @@ -221,10 +221,10 @@ function getGroupMembershipsByUserID($userid) { return Array(); } - function validateTokenInformation($callsign, $token, $ip, $staletime) { - $statement = $this->link->prepare("SELECT user_id FROM bzflag_forum.bzbb3_users WHERE username_clean = ? AND user_token = ? AND user_tokendate > ? AND (user_tokenip = ? or '' = ?)"); + function validateTokenInformation($callsign, $token, $ip, $staletime, $nameport) { + $statement = $this->link->prepare("SELECT user_id FROM bzbb3_users WHERE username_clean = ? AND user_token = ? AND user_tokendate > ? AND ((user_tokenip = ? OR '' = ?) OR (user_tokennameport = ? OR '' = ?))"); if ($statement) { - $statement->bind_param('siiss', $callsign, $token, $staletime, $ip, $ip); + $statement->bind_param('siissss', $callsign, $token, $staletime, $ip, $ip, $nameport, $nameport); $statement->execute(); $result = $statement->get_result(); if ($result) { 
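Review bot: In `validateTokenInformation` the two new groups are joined with `OR`, so the row matches when either the IP or the nameport matches, and an empty `$nameport` satisfies `'' = ?` and makes the whole condition true even when `user_tokenip` differs from the caller. If the nameport is meant to tighten the binding rather than replace it, the clause would read `AND (user_tokenip = ? OR '' = ?) AND (user_tokennameport = ? OR '' = ?)`. If the `OR` is deliberate, the nameport side should at least require a non-empty value, `(user_tokennameport = ? AND ? != '')`. `$nameport` reaches this call from a global in bzfls.php that looks request-supplied, so it should be treated as caller-controlled. The function body continues past the end of the hunk.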
@@ -237,17 +237,17 @@ function validateTokenInformation($callsign, $token, $ip, $staletime) { return false; } - function setTokenInformationByUserID($userid, $token) { - $statement = $this->link->prepare('UPDATE bzflag_forum.bzbb3_users SET user_token = ?, user_tokendate = ?, user_tokenip = ? WHERE user_id = ?'); + function setTokenInformationByUserID($userid, $token, $nameport) { + $statement = $this->link->prepare('UPDATE bzbb3_users SET user_token = ?, user_tokendate = ?, user_tokenip = ?, user_tokennameport = ? WHERE user_id = ?'); if ($statement) { $time = time(); - $statement->bind_param('iisi', $token, $time, $_SERVER['REMOTE_ADDR'], $userid); + $statement->bind_param('iissi', $token, $time, $_SERVER['REMOTE_ADDR'], $nameport, $userid); $statement->execute(); } } function clearTokenInformationByUserID($userid) { - $statement = $this->link->prepare('UPDATE bzflag_forum.bzbb3_users SET user_lastvisit = ?, user_tokendate = 0 WHERE user_id = ?'); + $statement = $this->link->prepare('UPDATE bzbb3_users SET user_lastvisit = ?, user_tokendate = 0 WHERE user_id = ?'); if ($statement) { $time = time(); $statement->bind_param('ii', $time, $userid); @@ -256,7 +256,7 @@ function clearTokenInformationByUserID($userid) { } function getPrivateMessageCountByUserID($userid) { - $statement = $this->link->prepare('SELECT user_new_privmsg FROM bzflag_forum.bzbb3_users WHERE user_id = ?'); + $statement = $this->link->prepare('SELECT user_new_privmsg FROM bzbb3_users WHERE user_id = ?'); if ($statement) { $statement->bind_param('i', $userid); $statement->execute(); 
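Review bot: `setTokenInformationByUserID` now writes a `user_tokennameport` column that nothing in this patch creates, and the `if ($statement)` guard has no else branch. On a database without the column, `prepare()` returns false and the token is never stored, while the visible callers in bzfls.php and weblogin.php still hand it to the client. The schema change should be documented with the commit, and the failure should be reported rather than swallowed, for example `else { error_log('setTokenInformationByUserID: prepare failed'); }`.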
@@ -290,7 +290,7 @@ function getServersForUnregistered($version) { function getServersForUserID($user, $version) { if (!$version) $version = ''; - $statement = $this->link->prepare("SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id INNER JOIN bzflag_forum.bzbb3_user_group ug ON ad.group_id = ug.group_id WHERE ug.user_id = ? AND (s.version = ? OR '' = ?) UNION SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id WHERE (ad.group_id = 0 OR ad.group_id = 6727) AND (s.version = ? OR '' = ?) ORDER BY nameport ASC"); + $statement = $this->link->prepare("SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id INNER JOIN bzbb3_user_group ug ON ad.group_id = ug.group_id WHERE ug.user_id = ? AND (s.version = ? OR '' = ?) UNION SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id WHERE (ad.group_id = 0 OR ad.group_id = 6727) AND (s.version = ? OR '' = ?) ORDER BY nameport ASC"); if ($statement) { $statement->bind_param('issss', $user, $version, $version, $version, $version); $statement->execute(); @@ -307,7 +307,7 @@ function getServersForUserID($user, $version) { function getGroupIDByGroupName($groupname) { - $statement = $this->link->prepare('SELECT group_id FROM bzflag_forum.bzbb3_groups WHERE group_name = ?'); + $statement = $this->link->prepare('SELECT group_id FROM bzbb3_groups WHERE group_name = ?'); if ($statement) { $statement->bind_param('s', $groupname); $statement->execute(); diff --git a/weblogin.php b/weblogin.php index 211e776..4f0f049 100644 --- a/weblogin.php +++ b/weblogin.php 
@@ -117,7 +117,11 @@ function action_weblogin() { if ($player && md5($parsedURL['host']).$player['user_password'] === $_COOKIE[$wlk]) { $token = random_int(0, 2147483647); - $db->setTokenInformationByUserID($uid, $token); + $nameport = $parsedURL['host']; + if (!empty($parsedURL['port']) { + $nameport .= ':'.$parsedURL['port']; + } + $db->setTokenInformationByUserID($uid, $token, $nameport); if (true) { header('location: ' . str_replace(Array('%TOKEN%', '%USERNAME%'), Array(urlencode($token), urlencode($player['username'])), $URL)); return; @@ -223,7 +227,11 @@ function action_webvalidate() { }*/ $token = random_int(0, 2147483647); - $db->setTokenInformationByUserID($player['user_id'], $token); + $nameport = $refererParts['host']; + if (!empty($refererParts['port'])) { + $nameport .= ':'.$refererParts['port']; + } + $db->setTokenInformationByUserID($player['user_id'], $token, $nameport); if (true) { header('location: ' . str_replace(Array('%TOKEN%', '%USERNAME%'), Array(urlencode($token), urlencode($player['username'])), $URL)); return; From e07d0b478704d26f4bcba61278931f2ad148df8e Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Mon, 20 Feb 2023 06:13:50 +0000 Subject: [PATCH 03/28] allow ip mismatch if matching key present on ADD/REMOVE --- bzfls.php | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/bzfls.php b/bzfls.php index a93ee32..c2fab72 100644 --- a/bzfls.php +++ b/bzfls.php @@ -569,6 +569,12 @@ function action_add() { return; } + $servname = substr($nameport, 0, strrpos($nameport,':')); + if ($servname != $keyinfo['host']) { + echo "ERROR: Server name mismatch for key $servname != " . $keyinfo['host'] . "\n"; + return; + } + # FIXME: this only looks one IPv4 address # server may have zero or more IPv4 ips, and zero or more IPv6 ips. $ip = gethostbyname($keyinfo['host']); 
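Review bot: The added line `if (!empty($parsedURL['port']) {` in action_weblogin has an unbalanced parenthesis, so weblogin.php no longer parses and every request to it fails. It should read `if (!empty($parsedURL['port'])) {`, as the equivalent block in the action_webvalidate hunk that follows already does. The host/port joining is duplicated between the two functions, and a small shared helper would keep them from drifting apart. Running `php -l` over the changed files before committing would catch this class of error. Both function bodies extend beyond their hunks.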
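Review bot: In the action_add hunk of bzfls.php (patch 03), `substr($nameport, 0, strrpos($nameport,':'))` yields an empty string when `$nameport` carries no port, because `strrpos` returns false, so a server relying on the default port cannot match its key's host. The action_remove code added in the same commit uses `explode(':', $nameport)` and does not have this problem. This comparison becomes the only binding between a key and a hostname once the address check is skipped, so it is worth making it exact: `$pos = strrpos($nameport, ':'); $servname = $pos === false ? $nameport : substr($nameport, 0, $pos);` followed by `if ($servname !== $keyinfo['host'])`. The enclosing function starts and ends outside the hunk.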
@@ -607,7 +613,7 @@ function action_add() { $servip = $serverips[0]; - if ($_SERVER['REMOTE_ADDR'] !== $servip && !$debugNoIpCheck) { + if ($ownerID == "" && $_SERVER['REMOTE_ADDR'] !== $servip && !$debugNoIpCheck) { debug('Requesting address is ' . $_SERVER['REMOTE_ADDR'] . ' while server is at ' . $servip, 1 ); print('ERROR: Requesting address is ' . $_SERVER['REMOTE_ADDR'] @@ -653,11 +659,15 @@ function action_add() { function action_remove() { # -- REMOVE -- # Server requests to be removed from the DB. - global $db, $nameport, $debugNoIpCheck; + global $db, $nameport, $serverKey, $debugNoIpCheck; header('Content-type: text/plain'); print("MSG: REMOVE request from $nameport\n"); debug("REMOVE request from $nameport", 1); + $owner = ""; + $ownerID = ""; + + # FIXME: won't work with IPv6 $split = explode(':', $nameport); $servname = $split[0]; if (array_key_exists(1, $split)) @@ -665,6 +675,28 @@ function action_remove() { else $servport = 5154; + if ($serverKey) + { + $keyinfo = $db->getAuthKeyInfoByKey($serverKey); + if (!$keyinfo) { + print("ERROR: Missing or invalid server authentication key\n"); + return; + } + + if ($servname != $keyinfo['host']) { + echo "ERROR: Server name mismatch for key $servname != " . $keyinfo['host'] . "\n"; + return; + } + + // ok so the key is good, now to check the owner + $owner = $db->getActiveForumUsernameCleanByUserID($keyinfo['owner']); + if (!$owner) { + print("ERROR: Owner lookup failure\n"); + return; + } + $ownerID = $keyinfo['owner']; + } + $serverips = gethostbynamel($servname); // Hostname must resolve to a single IPv4 address if ($serverips === FALSE || sizeof($serverips) != 1) { 
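Review bot: The condition `$ownerID == "" && $_SERVER['REMOTE_ADDR'] !== $servip` in action_add uses an empty owner id as the signal that no key was validated, and nothing at that line says that a valid key is what waives the source-address check. The same condition is repeated in the action_remove hunk that follows. A comment such as `// a validated server key ($ownerID set) replaces the source-address check` would document the decision. An explicit boolean set right after the owner lookup succeeds would be less fragile than a loose comparison against `""`.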
@@ -674,7 +706,7 @@ function action_remove() { $servip = $serverips[0]; - if ($_SERVER['REMOTE_ADDR'] !== $servip && !$debugNoIpCheck) { + if ($ownerID == "" && $_SERVER['REMOTE_ADDR'] !== $servip && !$debugNoIpCheck) { debug('Requesting address is ' . $_SERVER['REMOTE_ADDR'] . ' while server is at ' . $servip, 1 ); print('ERROR: Requesting address is ' . $_SERVER['REMOTE_ADDR'] From a22eff2d4f4551bbd156c06afa004e0a6215dfb3 Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Tue, 21 Feb 2023 01:57:02 +0000 Subject: [PATCH 04/28] add key to form --- bzfls.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bzfls.php b/bzfls.php index c2fab72..87a849c 100644 --- a/bzfls.php +++ b/bzfls.php @@ -235,7 +235,7 @@ function testform($message) {

BZFlag db server

' . $message . ' -

This is the development interface to the BZFlag list server AT BZ.

+

This is the development interface to the BZFlag list server.

action:
actions: REMOVE
nameport:
+ key:
actions: ADD REMOVE
build:
gameinfo:
@@ -277,8 +278,6 @@ function testform($message) { '); } - - function lua_quote($str) { return '"' . addslashes($str) . '"'; From 240edcccf7105c5715858f7b331fec51de3853ac Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Tue, 21 Feb 2023 02:03:42 +0000 Subject: [PATCH 05/28] no REGISTER or CONFIRM, yet? --- bzfls.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/bzfls.php b/bzfls.php index 87a849c..9569a28 100644 --- a/bzfls.php +++ b/bzfls.php @@ -254,10 +254,11 @@ function testform($message) { version:
callsign:
password:
- actions: REMOVE
+ actions: LIST ADD REMOVE
nameport:
- key:
actions: ADD REMOVE
+ key:
+ actions: ADD
build:
gameinfo:
title:
@@ -756,8 +757,6 @@ function action_remove() { case 'GETTOKEN': { action_gettoken(); break; } case 'ADD': { action_add(); break; } case 'REMOVE': { action_remove(); break; } - case 'REGISTER': { action_register(); break; } - case 'CONFIRM': { action_confirm(); break; } case 'CHECKTOKENS': { header('Content-type: text/plain'); action_checktokens(); From 9c11b3fff84dfe3853d197670a031e6e02b556f1 Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Tue, 21 Feb 2023 02:04:28 +0000 Subject: [PATCH 06/28] no REGISTER or CONFIRM, yet? --- bzfls.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/bzfls.php b/bzfls.php index 9569a28..1a17659 100644 --- a/bzfls.php +++ b/bzfls.php @@ -270,8 +270,6 @@ function testform($message) { groups: - actions: REGISTER CONFIRM
- email:
From 6a5ccf430766444d35377b458d857a8795ad5b1d Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Fri, 7 Apr 2023 22:54:41 +0000 Subject: [PATCH 07/28] no more ipaddr in >= BZFS0225, handle ipv6 addresses --- bzfls.php | 159 ++++++++++++++++++++++++++---------------------------- 1 file changed, 77 insertions(+), 82 deletions(-) diff --git a/bzfls.php b/bzfls.php index 1a17659..32cc699 100644 --- a/bzfls.php +++ b/bzfls.php @@ -13,8 +13,9 @@ // WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. /* If started from the command line, wrap parameters to $_POST and $_GET */ +// example: SERVER_PORT=443 REMOTE_ADDR=127.0.0.1 php bzfls.php 'action=LISTi&version=BZFS0225' if (!isset($_SERVER["HTTP_HOST"])) { - parse_str($argv[1], $_REQUEST); + parse_str($argv[1], $_REQUEST); } define('IN_PHPBB', true); @@ -291,6 +292,8 @@ function json_quote($str) function print_plain_list(&$listing) { + global $version; + header('Content-Type:text/plain;charset=utf-8'); if (isset($listing['token'])) { if ($listing['token']) { 
@@ -303,32 +306,46 @@ function print_plain_list(&$listing) print("NOTICE: " . $listing['notice'] . "\n"); } if ($_SERVER['SERVER_PORT'] != '443' && (!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) || $_SERVER['HTTP_X_FORWARDED_PROTO'] != 'https')) - echo "outdated.bzflag.org BZFS0221 00000010000100000000000000000000c8c8c800c800c800c800c800c8 127.0.0.1 You are using a very old client. Upgrade to BZFlag 2.4.4 or later.\n"; + print("outdated.bzflag.org BZFS0221 00000010000100000000000000000000c8c8c800c800c800c800c800c8 127.0.0.1 You are using a very old client. Upgrade to BZFlag 2.4.4 or later.\n"); foreach ($listing['servers'] as $server) { - print("{$server['nameport']} {$server['version']} {$server['gameinfo']} {$server['ipaddr']} {$server['title']}\n"); + if ($version >= 'BZFS0225') + print("{$server['nameport']} {$server['version']} {$server['gameinfo']} {$server['title']}\n"); + else + print("{$server['nameport']} {$server['version']} {$server['gameinfo']} {$server['ipaddr']} {$server['title']}\n"); } } function print_lua_list(&$listing) { + global $version; + header('Content-Type:text/x-lua;charset=utf-8'); print "return {\n"; if (isset($listing['token'])) { print "token = " . lua_quote($listing['token']) . ",\n"; } - print "fields = { 'version', 'hexcode', 'addr', 'ipaddr', 'title', 'owner' },\n"; - //print "fields = { 'version', 'hexcode', 'addr', 'ipaddr', 'title', 'owner', 'ownername' },\n"; + if ($version >= 'BZFS0225') + print "fields = { 'version', 'gameinfo', 'nameport', 'title', 'ownername' },\n"; + else + print "fields = { 'version', 'gameinfo', 'nameport', 'ipaddr', 'title', 'ownername' },\n"; print "servers = {\n"; foreach ($listing['servers'] as $server) { - print "{" - . lua_quote($server['version']) . "," // version - . lua_quote($server['gameinfo']) . "," // hexcode - . lua_quote($server['nameport']) . "," // addr - . lua_quote($server['ipaddr']) . "," // ipaddr - . lua_quote($server['title']) . "," // title - //. lua_quote($server['owner']) . 
"," // owner - . lua_quote($server['ownername']) . "},\n"; // ownername + if ($version >= 'BZFS0225') + print "{" + . lua_quote($server['version']) . "," // version + . lua_quote($server['gameinfo']) . "," // hexcode + . lua_quote($server['nameport']) . "," // addr + . lua_quote($server['title']) . "," // title + . lua_quote($server['ownername']) . "},\n"; // ownername + else + print "{" + . lua_quote($server['version']) . "," // version + . lua_quote($server['gameinfo']) . "," // hexcode + . lua_quote($server['nameport']) . "," // addr + . lua_quote($server['ipaddr']) . "," // ipaddr + . lua_quote($server['title']) . "," // title + . lua_quote($server['ownername']) . "},\n"; // ownername } print "}\n"; // end the "servers" table print "}\n"; 
@@ -338,36 +355,8 @@ function print_lua_list(&$listing) function print_json_list(&$listing) { header('Content-Type: application/json; charset = utf-8'); - echo json_encode($listing,JSON_PRETTY_PRINT); + print(json_encode($listing,JSON_PRETTY_PRINT) . "\n"); return; - print "{\n"; - if (isset($listing['token'])) { - print "token: " . json_quote($listing['token']) . ",\n"; - } - if (isset($listing['notice'])) { - print "notice: " . json_quote($listing['notice']) . ",\n"; - } - print '"fields": ["version","hexcode","addr","ipaddr","title","owner"],' . "\n"; - //print '"fields": ["version","hexcode","addr","ipaddr","title","owner","ownername"],' . "\n"; - print '"servers": ['; - $first = true; - foreach ($listing['servers'] as $server) { - if ($first) { - $first = false; - } else { - print ","; - } - print "\n[" - . json_quote($server['version']) . "," // version - . json_quote($server['gameinfo']) . "," // hexcode - . json_quote($server['nameport']) . "," // addr - . json_quote($server['ipaddr']) . "," // ipaddr - . json_quote($server['title']) . "," // title - //. json_quote($server['owner']) . "," // owner - . json_quote($server['ownername']) . "]"; // ownername - } - print "\n]\n"; - print "}\n"; } function authenticate_player($callsign, $password) { @@ -436,9 +425,10 @@ function action_list() { else { $listing['servers'] = $db->getServersForUnregistered($version); } - - if ($listformat == "lua" || $listformat == "json") { - $listing['fields'] = Array("addr", "version", "hexcode", "ipaddr", "title", "owner", "ownername"); + foreach($listing['servers'] as &$server) { + unset($server['owner']); + if ($version >= 'BZFS0225') + unset($server['ipaddr']); } switch ($listformat) { 
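Review bot: `$version >= 'BZFS0225'` in action_list is a lexicographic string comparison on what looks like a request-supplied value, so any string sorting after `BZFS0225` (a different prefix, lower case, trailing text) is treated as the newer protocol. The same test is used in the print_plain_list and print_lua_list hunks above. No format check on `$version` is visible on this path, unlike the `preg_match` in action_add, so validating it once before comparing would make the branch predictable. Separately, the by-reference `foreach` over `$listing['servers']` leaves `$server` bound to the last element; adding `unset($server);` after the loop avoids an accidental overwrite later in the function. action_list continues beyond the hunk.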
@@ -558,8 +548,31 @@ function action_add() { $owner = ""; $ownerID = ""; + $split = explode(':', $nameport); + $servname = $split[0]; + if (array_key_exists(1, $split)) + $servport = $split[1]; + else + $servport = 5154; + + # Filter out badly formatted or buggy versions + if (!preg_match('/[A-Z]{4}[0-9]{4}/', $version)) + exit("BADVERSION: $version\n"); + + // get ips for servname + $srvaddrinfo = socket_addrinfo_lookup($servname,$servport,array('ai_socktype'=>SOCK_STREAM)); + if ($srvaddrinfo == false) + exit("ERROR: cannot resolve $servname\n"); + + $serverips = array(); + foreach($srvaddrinfo as $addrinfo) { + $aiaddr = socket_addrinfo_explain($addrinfo)['ai_addr']; + $serverips[] = $aiaddr['sin6_addr'] ? $aiaddr['sin6_addr'] : $aiaddr['sin_addr']; + } + //$serverips = gethostbynamel($servname); + // check the server key (from the bzfs -publickey option) - if ( ($version != 'BZFS0026' && $version != 'BZFS1910') || $serverKey) + if ( $serverKey || ($version != 'BZFS0026' && $version != 'BZFS1910')) { $keyinfo = $db->getAuthKeyInfoByKey($serverKey); if (!$keyinfo) { @@ -569,16 +582,13 @@ function action_add() { $servname = substr($nameport, 0, strrpos($nameport,':')); if ($servname != $keyinfo['host']) { - echo "ERROR: Server name mismatch for key $servname != " . $keyinfo['host'] . "\n"; - return; + exit("ERROR: Server name mismatch for key $servname != " . $keyinfo['host'] . "\n"); } # FIXME: this only looks one IPv4 address # server may have zero or more IPv4 ips, and zero or more IPv6 ips. - $ip = gethostbyname($keyinfo['host']); - if ($ip != $_SERVER['REMOTE_ADDR']) { - echo "WARNING: Host mismatch for server authentication key $ip != " . $_SERVER['REMOTE_ADDR'] . "\n"; - #return; + if (!in_array($_SERVER['REMOTE_ADDR'],$serverips)) { + print('WARNING: Host mismatch for server key ' . $_SERVER['REMOTE_ADDR'] . ' not in ' . json_encode($serverips) . "\n"); } // ok so the key is good, now to check the owner 
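Review bot: The version filter `preg_match('/[A-Z]{4}[0-9]{4}/', $version)` in action_add is unanchored, so any value that merely contains such a run passes, including one carrying spaces or line breaks around it. Because the value is printed in the `MSG: ADD` line and presumably ends up in the space- and newline-delimited server list, the pattern should be anchored: `preg_match('/^[A-Z]{4}[0-9]{4}$/D', $version)`. In the same hunk, `$aiaddr['sin6_addr'] ? ... : ...` reads a key that is absent for IPv4 results and raises a warning; `$aiaddr['sin6_addr'] ?? $aiaddr['sin_addr']` expresses the fallback directly. `$servport` is also passed to the resolver as received; whether it is checked to be a numeric port elsewhere is not visible here.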
@@ -588,37 +598,24 @@ function action_add() { return; } $ownerID = $keyinfo['owner']; + } elseif (sizeof($serverips) != 1) { + // Hostname used to need to resolve to a single IPv4 address + print("WARNING: hostname resolves to multiple addresses:".json_encode($serverips)."\n"); } - # Filter out badly formatted or buggy versions - print "MSG: ADD $nameport $version $gameinfo $title\n"; - if (!preg_match('/[A-Z]{4}[0-9]{4}/', $version)) - return; - - $split = explode(':', $nameport); - $servname = $split[0]; - if (array_key_exists(1, $split)) - $servport = $split[1]; - else - $servport = 5154; - - $serverips = gethostbynamel($servname); - // Hostname must resolve to a single IPv4 address - if ($serverips === FALSE || sizeof($serverips) != 1) { - print("ERROR: Provided hostname does not resolve to a single IPv4 address:".json_encode($serverips)."\n"); - return; - } - - $servip = $serverips[0]; - - if ($ownerID == "" && $_SERVER['REMOTE_ADDR'] !== $servip && !$debugNoIpCheck) { + if ($ownerID == "" && in_array($_SERVER['REMOTE_ADDR'],$serverips) && !$debugNoIpCheck) { debug('Requesting address is ' . $_SERVER['REMOTE_ADDR'] - . ' while server is at ' . $servip, 1 ); + . ' while server ips are ' . json_encode($serverips), 1 ); print('ERROR: Requesting address is ' . $_SERVER['REMOTE_ADDR'] - . ' while server is at ' . $servip ); + . ' while server ips are ' . json_encode($serverips) ); die(); } + // no longer used + $servip = "127.0.0.1"; + + print "MSG: ADD $nameport $version $gameinfo $servip $title\n"; + # Test to see whether nameport is valid by attempting to establish a # connection to it $fp = @fsockopen($servname, $servport, $errno, $errstring, 5); 
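Review bot: The rewritten address check is inverted: `in_array($_SERVER['REMOTE_ADDR'],$serverips)` now rejects an unkeyed ADD when the requester is one of the server's resolved addresses and accepts it from any other address, the opposite of the `!==` test it replaces. It should be `if ($ownerID == "" && !in_array($_SERVER['REMOTE_ADDR'], $serverips, true) && !$debugNoIpCheck) {`. The comparison is textual, so IPv6 forms that differ only in notation, or an IPv4-mapped address, may need normalising (for instance through `inet_pton`) before comparing; that is an inference, as the format of both sides is not visible here. If the hard-coded `$servip = "127.0.0.1"` is what gets stored, it is also what clients older than BZFS0225 will be shown as `ipaddr`.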
@@ -627,7 +624,7 @@ function action_add() { print("ERROR: Unable to reach your server. Check your router/firewall and DNS configuration.\n"); return; } - # FIXME - should callback and update all stats instead of bzupdate.pl + # FIXME - should callback and update stats instead of bzupdate.pl fclose ($fp); $server = $db->getServerByNameport($nameport); @@ -682,15 +679,13 @@ function action_remove() { } if ($servname != $keyinfo['host']) { - echo "ERROR: Server name mismatch for key $servname != " . $keyinfo['host'] . "\n"; - return; + exit("ERROR: Server name mismatch for key $servname != " . $keyinfo['host'] . "\n"); } // ok so the key is good, now to check the owner $owner = $db->getActiveForumUsernameCleanByUserID($keyinfo['owner']); if (!$owner) { - print("ERROR: Owner lookup failure\n"); - return; + exit("ERROR: Owner lookup failure\n"); } $ownerID = $keyinfo['owner']; } @@ -772,6 +767,6 @@ function action_remove() { # mode:php *** # tab-width: 8 *** # c-basic-offset: 2 *** -# indent-tabs-mode: t *** +# indent-tabs-mode: s *** # End: *** # ex: shiftwidth=2 tabstop=8 From 0d5e600155a36e5fb2ec9c8a487c7789bbb1d7e3 Mon Sep 17 00:00:00 2001 From: Scott Wichser Date: Tue, 11 Apr 2023 06:25:13 -0500 Subject: [PATCH 08/28] Support a separate forum database --- bzfls.php | 2 +- listdb.class.php | 65 ++++++++++++++++++++++++++++++------------------ weblogin.php | 2 +- 3 files changed, 43 insertions(+), 26 deletions(-) diff --git a/bzfls.php b/bzfls.php index 32cc699..a1b7891 100644 --- a/bzfls.php +++ b/bzfls.php @@ -50,7 +50,7 @@ debug('Connecting to the database', 3); -$db = new ListDB($dbhost, $dbuname, $dbpass, $dbname); +$db = new ListDB($dbhost, $dbuname, $dbpass, $dbname, $bbdbname); # for banning. provide key => value pairs where the key is an # ip address. value is not used at present. these are pulled diff --git a/listdb.class.php b/listdb.class.php index c0a887d..30233a8 100644 --- a/listdb.class.php +++ b/listdb.class.php 
@@ -1,17 +1,34 @@ link = new mysqli($hostname, $username, $password, $database); if ($this->link->connect_error) { die('Unable to connect to database'); } + if (!empty($forumdb)) + $this->forum_prefix = $forumdb . '.'; + $this->link->query("SET NAMES 'utf8'"); } + // Wrapper for mysqli::prepare that adds the forum prefix + private function prepare($sql) { + return $this->link->prepare(str_replace('%forum%', $this->forum_prefix, $sql)); + } + + // Wrapper for mysqli::query that adds the forum prefix + private function query($sql) { + return $this->link->query(str_replace('%forum%', $this->forum_prefix, $sql)); + } + function getAffectedRows() { return $this->link->affected_rows; } private function getAllAssoc($result) { @@ -30,18 +47,18 @@ private function getAllAssoc($result) { // Bans function getActiveBans() { - return $this->getAllAssoc($this->link->query('SELECT type, value, owner, reason, silent FROM serverbans WHERE active = 1')); + return $this->getAllAssoc($this->query('SELECT type, value, owner, reason, silent FROM serverbans WHERE active = 1')); } function getAllBans() { - return $this->getAllAssoc($this->link->query('SELECT * from serverbans')); + return $this->getAllAssoc($this->query('SELECT * from serverbans')); } // Server advertisements function cleanupServerAdvertisements() { - $delete = $this->link->prepare('DELETE FROM server_advert_groups WHERE server_id = ?'); - $result = $this->link->query('SELECT SAV.server_id as server_id from server_advert_groups as SAV LEFT JOIN servers S ON S.server_id=SAV.server_id WHERE S.server_id is null'); + $delete = $this->prepare('DELETE FROM server_advert_groups WHERE server_id = ?'); + $result = $this->query('SELECT SAV.server_id as server_id from server_advert_groups as SAV LEFT JOIN servers S ON S.server_id=SAV.server_id WHERE S.server_id is null'); if ($result) { while ($row = $result->fetch_assoc()) { $delete->bind_param('i', $row['server_id']); 
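Review bot: The constructor turns `$forumdb` into `$this->forum_prefix`, and the new `prepare()` and `query()` wrappers splice it into every statement with `str_replace`, so the database name becomes part of the SQL text without quoting or validation. It appears to come from configuration (`$bbdbname` in bzfls.php) rather than from a request, but an identifier check would keep a bad value from producing malformed or unintended SQL. Inside the `!empty($forumdb)` branch, before building the prefix, add `if (!preg_match('/^[A-Za-z0-9_]+$/', $forumdb)) die('Invalid forum database name');`. The start of the class is not fully visible in this rendering of the hunk, so the property declaration could not be checked.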
@@ -54,7 +71,7 @@ function cleanupServerAdvertisements() { // Servers function addServer($nameport, $servip, $gameinfo, $title, $ownerID, $owner, $version, $build) { - $statement = $this->link->prepare('INSERT INTO servers (nameport, ipaddr, gameinfo, title, owner, ownername, version, build, lastmod) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'); + $statement = $this->prepare('INSERT INTO servers (nameport, ipaddr, gameinfo, title, owner, ownername, version, build, lastmod) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'); if ($statement) { $time = time(); $statement->bind_param('ssssssssi', $nameport, $servip, $gameinfo, $title, $ownerID, $owner, $version, $build, $time); @@ -63,7 +80,7 @@ function addServer($nameport, $servip, $gameinfo, $title, $ownerID, $owner, $ver } function updateServerByServerID($serverid, $nameport, $servip, $gameinfo, $title, $ownerID, $owner, $version, $build) { - $statement = $this->link->prepare('UPDATE servers SET nameport = ?, ipaddr = ?, gameinfo = ?, title = ?, owner = ?, ownername = ?, version = ?, build = ?, lastmod = ? WHERE server_id = ?'); + $statement = $this->prepare('UPDATE servers SET nameport = ?, ipaddr = ?, gameinfo = ?, title = ?, owner = ?, ownername = ?, version = ?, build = ?, lastmod = ? WHERE server_id = ?'); if ($statement) { $time = time(); $statement->bind_param('ssssssssii', $nameport, $servip, $gameinfo, $title, $ownerID, $owner, $version, $build, $time, $serverid); @@ -72,7 +89,7 @@ function updateServerByServerID($serverid, $nameport, $servip, $gameinfo, $title } function deleteServerByServerID($serverid) { - $statement = $this->link->prepare('DELETE FROM servers WHERE server_id = ?'); + $statement = $this->prepare('DELETE FROM servers WHERE server_id = ?'); if ($statement) { $statement->bind_param('i', $serverid); $statement->execute(); 
@@ -80,7 +97,7 @@ function deleteServerByServerID($serverid) { } function deleteStaleServers($staletime) { - $statement = $this->link->prepare('DELETE FROM servers WHERE lastmod < ?'); + $statement = $this->prepare('DELETE FROM servers WHERE lastmod < ?'); if ($statement) { $statement->bind_param('i', $staletime); $statement->execute(); @@ -88,7 +105,7 @@ function deleteStaleServers($staletime) { } function getServerByNameport($nameport) { - $statement = $this->link->prepare('SELECT * FROM servers WHERE nameport = ?'); + $statement = $this->prepare('SELECT * FROM servers WHERE nameport = ?'); if ($statement) { $statement->bind_param('s', $nameport); $statement->execute(); @@ -107,7 +124,7 @@ function getServerByNameport($nameport) { function addAdvertGroup($serverid, $groupid) { - $statement = $this->link->prepare('INSERT INTO server_advert_groups (server_id, group_id) VALUES (?, ?)'); + $statement = $this->prepare('INSERT INTO server_advert_groups (server_id, group_id) VALUES (?, ?)'); if ($statement) { $statement->bind_param('ii', $serverid, $groupid); $statement->execute(); @@ -115,7 +132,7 @@ function addAdvertGroup($serverid, $groupid) { } function deleteAdvertGroupByServerID($serverid) { - $statement = $this->link->prepare('DELETE FROM server_advert_groups WHERE server_id = ?'); + $statement = $this->prepare('DELETE FROM server_advert_groups WHERE server_id = ?'); if ($statement) { $statement->bind_param('i', $serverid); $statement->execute(); @@ -123,7 +140,7 @@ function deleteAdvertGroupByServerID($serverid) { } function getAuthKeyInfoByKey($authkey) { - $statement = $this->link->prepare('SELECT host, owner FROM authkeys WHERE key_string = ?'); + $statement = $this->prepare('SELECT host, owner FROM authkeys WHERE key_string = ?'); if ($statement) { $statement->bind_param('s', $authkey); $statement->execute(); 
@@ -152,7 +169,7 @@ function userExists($name) { } function getActiveForumUserByName($name) { - $statement = $this->link->prepare('SELECT user_id, user_password, username FROM bzbb3_users WHERE username_clean = ? AND user_inactive_reason = 0'); + $statement = $this->prepare('SELECT user_id, user_password, username FROM %forum%bzbb3_users WHERE username_clean = ? AND user_inactive_reason = 0'); if ($statement) { $statement->bind_param('s', $name); $statement->execute(); @@ -169,7 +186,7 @@ function getActiveForumUserByName($name) { } function getActiveForumUserByUserID($userid) { - $statement = $this->link->prepare('SELECT username, username_clean, user_password FROM bzbb3_users WHERE user_id = ? AND user_inactive_reason = 0'); + $statement = $this->prepare('SELECT username, username_clean, user_password FROM %forum%bzbb3_users WHERE user_id = ? AND user_inactive_reason = 0'); if ($statement) { $statement->bind_param('i', $userid); $statement->execute(); @@ -186,7 +203,7 @@ function getActiveForumUserByUserID($userid) { } function getActiveForumUsernameCleanByUserID($userid) { - $statement = $this->link->prepare('SELECT username_clean FROM bzbb3_users WHERE user_id = ? AND user_inactive_reason = 0'); + $statement = $this->prepare('SELECT username_clean FROM %forum%bzbb3_users WHERE user_id = ? AND user_inactive_reason = 0'); if ($statement) { $statement->bind_param('i', $userid); $statement->execute(); 
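Review bot: The `%forum%` prefix added to the `bzbb3_users` queries in these three hunks is not valid SQL on its own, so `$this->prepare()` presumably rewrites it to the forum database name before the statement reaches MySQL; that wrapper is defined outside these hunks, so this is inferred. Because the name is spliced into the query text rather than bound, the wrapper should accept only a name matching something like `/^[A-Za-z0-9_]+$/`, emit it backtick-quoted, and fail loudly when it is unset. The same applies to the `%forum%` queries in the later hunks, from getGroupMembershipsByUserID through getGroupIDByGroupName. A comment at the first use, e.g. `// %forum% is expanded by prepare() to the forum database prefix`, would make the convention discoverable.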
@@ -203,7 +220,7 @@ function getActiveForumUsernameCleanByUserID($userid) { } function getGroupMembershipsByUserID($userid) { - $statement = $this->link->prepare("SELECT g.group_name FROM bzbb3_groups g, bzbb3_user_group ug WHERE ug.user_id = ? AND ug.group_id = g.group_id AND ug.user_pending = 0 AND NOT (g.group_skip_auth = 1 AND ug.group_leader = 1)"); + $statement = $this->prepare("SELECT g.group_name FROM %forum%bzbb3_groups g, %forum%bzbb3_user_group ug WHERE ug.user_id = ? AND ug.group_id = g.group_id AND ug.user_pending = 0 AND NOT (g.group_skip_auth = 1 AND ug.group_leader = 1)"); if ($statement) { $statement->bind_param('i', $userid); $statement->execute(); @@ -222,7 +239,7 @@ function getGroupMembershipsByUserID($userid) { } function validateTokenInformation($callsign, $token, $ip, $staletime, $nameport) { - $statement = $this->link->prepare("SELECT user_id FROM bzbb3_users WHERE username_clean = ? AND user_token = ? AND user_tokendate > ? AND ((user_tokenip = ? OR '' = ?) OR (user_tokennameport = ? OR '' = ?))"); + $statement = $this->prepare("SELECT user_id FROM %forum%bzbb3_users WHERE username_clean = ? AND user_token = ? AND user_tokendate > ? AND ((user_tokenip = ? OR '' = ?) OR (user_tokennameport = ? OR '' = ?))"); if ($statement) { $statement->bind_param('siissss', $callsign, $token, $staletime, $ip, $ip, $nameport, $nameport); $statement->execute(); 
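Review bot: In validateTokenInformation the binding test `((user_tokenip = ? OR '' = ?) OR (user_tokennameport = ? OR '' = ?))` is satisfied whenever either `$ip` or `$nameport` arrives empty, so a token presented without one of those values is accepted regardless of the address or server it was issued for. The two clauses are also joined with `OR`, so a matching nameport alone is enough even when the IP differs. If the empty-value escape exists only for older callers, it would be safer to reject the request in PHP when both values are empty and to state the intended policy in a comment above the query. Whether `AND` was intended between the two clauses is worth confirming. The function body continues outside the hunk.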
@@ -238,7 +255,7 @@ function validateTokenInformation($callsign, $token, $ip, $staletime, $nameport) } function setTokenInformationByUserID($userid, $token, $nameport) { - $statement = $this->link->prepare('UPDATE bzbb3_users SET user_token = ?, user_tokendate = ?, user_tokenip = ?, user_tokennameport = ? WHERE user_id = ?'); + $statement = $this->prepare('UPDATE %forum%bzbb3_users SET user_token = ?, user_tokendate = ?, user_tokenip = ?, user_tokennameport = ? WHERE user_id = ?'); if ($statement) { $time = time(); $statement->bind_param('iissi', $token, $time, $_SERVER['REMOTE_ADDR'], $nameport, $userid); @@ -247,7 +264,7 @@ function setTokenInformationByUserID($userid, $token, $nameport) { } function clearTokenInformationByUserID($userid) { - $statement = $this->link->prepare('UPDATE bzbb3_users SET user_lastvisit = ?, user_tokendate = 0 WHERE user_id = ?'); + $statement = $this->prepare('UPDATE %forum%bzbb3_users SET user_lastvisit = ?, user_tokendate = 0 WHERE user_id = ?'); if ($statement) { $time = time(); $statement->bind_param('ii', $time, $userid); @@ -256,7 +273,7 @@ function clearTokenInformationByUserID($userid) { } function getPrivateMessageCountByUserID($userid) { - $statement = $this->link->prepare('SELECT user_new_privmsg FROM bzbb3_users WHERE user_id = ?'); + $statement = $this->prepare('SELECT user_new_privmsg FROM %forum%bzbb3_users WHERE user_id = ?'); if ($statement) { $statement->bind_param('i', $userid); $statement->execute(); 
@@ -273,7 +290,7 @@ function getPrivateMessageCountByUserID($userid) { function getServersForUnregistered($version) { if (!$version) $version = ''; - $statement = $this->link->prepare("SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id WHERE ad.group_id = 0 AND (s.version = ? OR '' = ?) ORDER BY nameport ASC"); + $statement = $this->prepare("SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id WHERE ad.group_id = 0 AND (s.version = ? OR '' = ?) ORDER BY nameport ASC"); if ($statement) { $statement->bind_param('ss', $version, $version); $statement->execute(); 
@@ -290,7 +307,7 @@ function getServersForUnregistered($version) { function getServersForUserID($user, $version) { if (!$version) $version = ''; - $statement = $this->link->prepare("SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id INNER JOIN bzbb3_user_group ug ON ad.group_id = ug.group_id WHERE ug.user_id = ? AND (s.version = ? OR '' = ?) UNION SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id WHERE (ad.group_id = 0 OR ad.group_id = 6727) AND (s.version = ? OR '' = ?) ORDER BY nameport ASC"); + $statement = $this->prepare("SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id INNER JOIN %forum%bzbb3_user_group ug ON ad.group_id = ug.group_id WHERE ug.user_id = ? AND (s.version = ? OR '' = ?) UNION SELECT s.nameport, s.version, s.gameinfo, s.ipaddr, s.title, s.owner, s.ownername FROM servers s INNER JOIN server_advert_groups ad ON s.server_id = ad.server_id WHERE (ad.group_id = 0 OR ad.group_id = 6727) AND (s.version = ? OR '' = ?) ORDER BY nameport ASC"); if ($statement) { $statement->bind_param('issss', $user, $version, $version, $version, $version); $statement->execute(); @@ -307,7 +324,7 @@ function getServersForUserID($user, $version) { function getGroupIDByGroupName($groupname) { - $statement = $this->link->prepare('SELECT group_id FROM bzbb3_groups WHERE group_name = ?'); + $statement = $this->prepare('SELECT group_id FROM %forum%bzbb3_groups WHERE group_name = ?'); if ($statement) { $statement->bind_param('s', $groupname); $statement->execute(); diff --git a/weblogin.php b/weblogin.php index 4f0f049..cdf6a56 100644 --- a/weblogin.php +++ b/weblogin.php 
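Review bot: The first branch of the UNION in getServersForUserID joins `%forum%bzbb3_user_group` on `ug.user_id = ?` without the `ug.user_pending = 0` filter that getGroupMembershipsByUserID applies. A user whose membership request is still pending would therefore appear to be shown servers advertised only to that group. Adding `AND ug.user_pending = 0` to that branch would make the two queries agree. The literal `6727` in the second branch is an unexplained group id, and a named constant or a comment saying which group it is would help. The function body continues outside the hunk.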
@@ -244,7 +244,7 @@ function action_webvalidate() { session_start(); -$db = new ListDB($dbhost, $dbuname, $dbpass, $dbname); +$db = new ListDB($dbhost, $dbuname, $dbpass, $dbname, $bbdbname); // start of script // figure out what we are doing From 31e3e22e60cd716c2c911f6bb66d87985fc90491 Mon Sep 17 00:00:00 2001 From: Scott Wichser Date: Tue, 11 Apr 2023 06:25:56 -0500 Subject: [PATCH 09/28] Improve README.md --- README.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2977ca6..8174d40 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,16 @@ -This is the game server list program for BZFlag. +# BZFlag List Server (bzfls) -It also includes weblogin.php for remote sites that use BZFlag forum logins. +------------------------------------------------------------------------------ + +The BZFlag List Server handles authentication and listing game servers. + +* **bzfls.php:** The main entry point that is used to list game servers and handle authentication. +* **bzflsadmin.php:** Manages the list of bans used by bzfls.php, which can block servers or players. +* **weblogin.php:** Used by third-party websites to integrate with BZFlag's login system. + +## Web Server Configuration + +For Apache, include an alias: +```apacheconf +Alias /db/ /bzfls.php +``` \ No newline at end of file From 398ea374ca7980f5ada05638756a3a513c7f16c9 Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Tue, 11 Apr 2023 13:48:51 +0000 Subject: [PATCH 10/28] multi-ip in REMOVE too --- bzfls.php | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/bzfls.php b/bzfls.php index 26d1859..a03f072 100644 --- a/bzfls.php +++ b/bzfls.php 
@@ -569,7 +569,6 @@ function action_add() { $aiaddr = socket_addrinfo_explain($addrinfo)['ai_addr']; $serverips[] = $aiaddr['sin6_addr'] ? $aiaddr['sin6_addr'] : $aiaddr['sin_addr']; } - //$serverips = gethostbynamel($servname); // check the server key (from the bzfs -publickey option) if ( $serverKey || ($version != 'BZFS0026' && $version != 'BZFS1910')) @@ -585,8 +584,7 @@ function action_add() { exit("ERROR: Server name mismatch for key $servname != " . $keyinfo['host'] . "\n"); } - # FIXME: this only looks one IPv4 address - # server may have zero or more IPv4 ips, and zero or more IPv6 ips. + # server may have zero or more IPv4 IPs, and zero or more IPv6 ips. if (!in_array($_SERVER['REMOTE_ADDR'],$serverips)) { print('WARNING: Host mismatch for server key ' . $_SERVER['REMOTE_ADDR'] . ' not in ' . json_encode($serverips) . "\n"); } @@ -614,7 +612,7 @@ function action_add() { // no longer used $servip = "127.0.0.1"; - print "MSG: ADD $nameport $version $gameinfo $servip $title\n"; + print "MSG: ADD $nameport $version $gameinfo $title\n"; # Test to see whether nameport is valid by attempting to establish a # connection to it 
@@ -690,20 +688,27 @@ function action_remove() { $ownerID = $keyinfo['owner']; } - $serverips = gethostbynamel($servname); - // Hostname must resolve to a single IPv4 address - if ($serverips === FALSE || sizeof($serverips) != 1) { - print("ERROR: Provided hostname does not resolve to a single IPv4 address:".json_encode($serverips)."\n"); - return; + // get ips for servname + $srvaddrinfo = socket_addrinfo_lookup($servname,$servport,array('ai_socktype'=>SOCK_STREAM)); + if ($srvaddrinfo == false) + exit("ERROR: cannot resolve $servname\n"); + + $serverips = array(); + foreach($srvaddrinfo as $addrinfo) { + $aiaddr = socket_addrinfo_explain($addrinfo)['ai_addr']; + $serverips[] = $aiaddr['sin6_addr'] ? $aiaddr['sin6_addr'] : $aiaddr['sin_addr']; } - $servip = $serverips[0]; + # server may have zero or more IPv4 IPs, and zero or more IPv6 ips. + if (!in_array($_SERVER['REMOTE_ADDR'],$serverips)) { + print('WARNING: Host mismatch for server key ' . $_SERVER['REMOTE_ADDR'] . ' not in ' . json_encode($serverips) . "\n"); + } - if ($ownerID == "" && $_SERVER['REMOTE_ADDR'] !== $servip && !$debugNoIpCheck) { + if ($ownerID == "" && in_array($_SERVER['REMOTE_ADDR'],$serverips) && !$debugNoIpCheck) { debug('Requesting address is ' . $_SERVER['REMOTE_ADDR'] - . ' while server is at ' . $servip, 1 ); + . ' while server ips are ' . json_encode($serverips), 1 ); print('ERROR: Requesting address is ' . $_SERVER['REMOTE_ADDR'] - . ' while server is at ' . $servip ); + . ' while server ips are ' . json_encode($serverips) ); die(); } @@ -767,7 +772,7 @@ function action_remove() { # mode:php *** # tab-width: 8 *** # c-basic-offset: 2 *** -# indent-tabs-mode: s *** +# indent-tabs-mode: t *** # End: *** # ex: shiftwidth=2 tabstop=8 From 82138da353ad09f6cd676ff6fcf2d4267f45020d Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Tue, 11 Apr 2023 13:49:43 +0000 Subject: [PATCH 11/28] ws --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
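Review bot: The new ownership test in action_remove is inverted: `$ownerID == "" && in_array($_SERVER['REMOTE_ADDR'],$serverips) && !$debugNoIpCheck` rejects a keyless REMOVE when the requester is one of the server's addresses and lets it through when it is not, whereas the removed line rejected on `!==`. As far as the visible lines show, a request from an unrelated address passes this gate with only the preceding WARNING printed, and the error text describes the opposite case. The condition should read `if ($ownerID == "" && !in_array($_SERVER['REMOTE_ADDR'], $serverips, true) && !$debugNoIpCheck) {`. Separately, `$aiaddr['sin6_addr'] ? … : …` reads a key that is presumably absent for IPv4 results, and `$aiaddr['sin6_addr'] ?? $aiaddr['sin_addr']` avoids the undefined-index warning. The function body continues outside the hunk.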
diff --git a/README.md b/README.md index 8174d40..73bc384 100644 --- a/README.md +++ b/README.md @@ -13,4 +13,4 @@ The BZFlag List Server handles authentication and listing game servers. For Apache, include an alias: ```apacheconf Alias /db/ /bzfls.php -``` \ No newline at end of file +``` From 1ed208720e31cd8902883661dbb93aaa94e65f54 Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Tue, 11 Apr 2023 13:55:23 +0000 Subject: [PATCH 12/28] https --- bzfls.php | 2 +- bzflsadmin.php | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/bzfls.php b/bzfls.php index a03f072..31c6fd8 100644 --- a/bzfls.php +++ b/bzfls.php @@ -236,7 +236,7 @@ function testform($message) {

BZFlag db server

' . $message . ' -

This is the development interface to the BZFlag list server.

+

This is the development interface to the BZFlag list server.

action: - + @@ -201,7 +201,7 @@ mysqli_select_db ($link, $dbname) or die ("Could not select bzbb database."); if ($_POST['id']) $sql = sprintf ("UPDATE serverbans SET type = '%s', value = '%s', owner = '%s', reason = '%s', lastby = %u WHERE banid = %u", - mysqli_real_escape_string ($link, $_POST['type']), + mysqli_real_escape_string ($link, $_POST['type']), mysqli_real_escape_string ($link, $_POST['value']), mysqli_real_escape_string ($link, $_POST['owner']), mysqli_real_escape_string ($link, $_POST['reason']), @@ -209,7 +209,7 @@ $_POST['id']); else $sql = sprintf ("INSERT INTO serverbans SET type = '%s', value = '%s', owner = '%s', reason = '%s', lastby = %u", - mysqli_real_escape_string ($link, $_POST['type']), + mysqli_real_escape_string ($link, $_POST['type']), mysqli_real_escape_string ($link, $_POST['value']), mysqli_real_escape_string ($link, $_POST['owner']), mysqli_real_escape_string ($link, $_POST['reason']), From 47be4411664a2614540728a1db89f0d03616a4b6 Mon Sep 17 00:00:00 2001 From: Tim Riker Date: Tue, 11 Apr 2023 15:05:42 +0000 Subject: [PATCH 17/28] fix style --- bzflsadmin.php | 8 ++-- css/general.css | 106 +++++++++++++++++++++++++++++++++++++++++++++ images/logo2-1.jpg | Bin 0 -> 8171 bytes images/logo2-2.jpg | Bin 0 -> 10540 bytes 4 files changed, 110 insertions(+), 4 deletions(-) create mode 100644 css/general.css create mode 100644 images/logo2-1.jpg create mode 100644 images/logo2-2.jpg diff --git a/bzflsadmin.php b/bzflsadmin.php index 3a4a10b..c488126 100644 --- a/bzflsadmin.php +++ b/bzflsadmin.php @@ -410,8 +410,8 @@ function dumpPageHeader () { ' BZFlag List Server Administration - - + +
Ban Type:
Ban Type:
IP/Hostname
Owner
Reason