arriej/TSN-Ranksystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

release 1.2.11

Browse Source
This commit is contained in:
Newcomer1989
2018-09-27 19:24:17 +02:00
parent 1f30c15f57
commit ce3c88d833
50 changed files with 870 additions and 1076 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
stats/assign_groups.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();
@@ -37,10 +39,16 @@ $cld_groups = explode(',', $dbdata['cldgroup']);
$disabled = '';
$allowed_groups_arr = array();
if (isset($_POST['update']) && $_POST['csrf_token'] != $_SESSION[$rspathhex.'csrf_token']) {
echo $lang['errcsrf'];
rem_session_ts3($rspathhex);
exit;
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
$err_msg = print_r($mysqlcon->errorInfo(), true);
$err_lvl = 3;
}
if (($db_csrf = $mysqlcon->query("SELECT * FROM `$dbname`.`csrf_token` WHERE `sessionid`='".session_id()."'")->fetchALL(PDO::FETCH_UNIQUE|PDO::FETCH_ASSOC)) === false) {
$err_msg = print_r($mysqlcon->errorInfo(), true);
$err_lvl = 3;
}
if(count($_SESSION[$rspathhex.'multiple']) > 1 and !isset($_SESSION[$rspathhex.'uuid_verified'])) {
@@ -65,7 +73,7 @@ if(count($_SESSION[$rspathhex.'multiple']) > 1 and !isset($_SESSION[$rspathhex.'
$allowed_groups_arr = explode(',', $addons_config['assign_groups_groupids']['value']);
if(isset($_POST['update']) && $_POST['csrf_token'] == $_SESSION[$rspathhex.'csrf_token']) {
if(isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) {
if(($sumentries = $mysqlcon->query("SELECT COUNT(*) FROM `$dbname`.`addon_assign_groups` WHERE `uuid`='$uuid'")->fetch(PDO::FETCH_NUM)) === false) {
$err_msg = print_r($mysqlcon->errorInfo(), true); $err_lvl = 3;
} else {
@@ -104,11 +112,12 @@ if(count($_SESSION[$rspathhex.'multiple']) > 1 and !isset($_SESSION[$rspathhex.'
}
}
}
} elseif(isset($_POST['update'])) {
echo '<div class="alert alert-danger alert-dismissible">',$lang['errcsrf'],'</div>';
rem_session_ts3($rspathhex);
exit;
}
}
$_SESSION[$rspathhex.'csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
require_once('nav.php');
?>
<div id="page-wrapper">
@@ -122,7 +131,7 @@ require_once('nav.php');
</div>
</div>
<form class="form-horizontal" name="update" method="POST">
<input type="hidden" name="csrf_token" value="<?PHP echo $_SESSION[$rspathhex.'csrf_token']; ?>">
<input type="hidden" name="csrf_token" value="<?PHP echo $csrf_token; ?>">
<div class="row">
<div class="col-md-6">
</div>

6
stats/index.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();
require_once('../other/config.php');
@@ -388,7 +390,7 @@ require_once('nav.php');
<td><?PHP echo $lang['stix0036']; ?></td>
<td><?PHP if(file_exists("../tsicons/servericon.png")) {
$img_content = file_get_contents("../tsicons/servericon.png");
echo $sql_res['server_name'] .'<div class="pull-right"><img src="data:',mime_content_type("../tsicons/servericon.png"),';base64,'.base64_encode($img_content).'" alt="servericon"></div>';
echo $sql_res['server_name'] .'<div class="pull-right"><img src="data:',mime_content_type("../tsicons/servericon.png"),';base64,'.base64_encode($img_content).'" width="16" height="16" alt="servericon"></div>';
} else { echo $sql_res['server_name']; } ?></td>
</tr>
<tr>

6
stats/info.php
View File

@@ -1,4 +1,4 @@
<?PHP
<?PHP
ini_set('session.cookie_httponly', 1);
ini_set('session.use_strict_mode', 1);
if(in_array('sha512', hash_algos())) {
@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();
$starttime = microtime(true);

9
stats/list_rankup.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();
@@ -112,6 +114,7 @@ if(isset($getstring)) {
$dbdata_full->bindValue(':searchvalue', '%'.$searchstring.'%', PDO::PARAM_STR);
$dbdata_full->execute();
$sumentries = $dbdata_full->fetch(PDO::FETCH_NUM);
$getstring = rawurlencode($getstring);
} else {
$getstring = '';
$sumentries = $mysqlcon->query("SELECT COUNT(*) FROM `$dbname`.`user`")->fetch(PDO::FETCH_NUM);
@@ -356,7 +359,7 @@ if($adminlogin == 1) {
if ($value['grpid'] == 0) {
echo '<td class="text-center"></td>';
} elseif ($sqlhisgroup[$value['grpid']]['iconfile'] == 1) {
echo '<td class="text-center"><img src="../tsicons/'.$value['grpid'].'.png" alt="groupicon">&nbsp;&nbsp;' , $sqlhisgroup[$value['grpid']]['sgidname'] , '</td>';
echo '<td class="text-center"><img src="../tsicons/'.$value['grpid'].'.png" width="16" height="16" alt="groupicon">&nbsp;&nbsp;' , $sqlhisgroup[$value['grpid']]['sgidname'] , '</td>';
} else {
echo '<td class="text-center">' , $sqlhisgroup[$value['grpid']]['sgidname'] , '</td>';
}
@@ -388,7 +391,7 @@ if($adminlogin == 1) {
} elseif ($value['except'] == 2 || $value['except'] == 3) {
echo '<td class="text-center"><em>',$lang['listexcept'],'</em></td>';
} elseif (isset($sqlhisgroup[$groupid]) && $sqlhisgroup[$groupid]['iconfile'] == 1) {
echo '<td class="text-center"><img src="../tsicons/'.$groupid.'.png" alt="groupicon">&nbsp;&nbsp;' , $sqlhisgroup[$groupid]['sgidname'] , '</td>';
echo '<td class="text-center"><img src="../tsicons/'.$groupid.'.png" width="16" height="16" alt="groupicon">&nbsp;&nbsp;' , $sqlhisgroup[$groupid]['sgidname'] , '</td>';
} elseif (isset($sqlhisgroup[$groupid])) {
echo '<td class="text-center">' , $sqlhisgroup[$groupid]['sgidname'] , '</td>';
} else {

4
stats/my_stats.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();

4
stats/nations.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();
require_once('../other/config.php');

25
stats/nav.php
View File

@@ -88,29 +88,6 @@ if((time() - $job_check['last_update']['timestamp']) < 259200 && !isset($_SESSIO
</div>
</div>
</div>
<div id="battlesystem" class="modal fade">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title"><?PHP echo $lang['stnv0007']; ?></h4>
</div>
<div class="modal-body">
<p><?PHP echo $lang['stnv0008']; ?></p>
<p><?PHP echo $lang['stnv0009']; ?></p>
<p><?PHP echo $lang['stnv0010']; ?></p>
<p><?PHP echo $lang['stnv0011']; ?></p>
<p><?PHP echo $lang['stnv0012']; ?></p>
<p><?PHP echo $lang['stnv0013']; ?></p>
<p><?PHP echo $lang['stnv0014']; ?></p>
<p><?PHP echo $lang['stnv0015']; ?></p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal"><?PHP echo $lang['stnv0002']; ?></button>
</div>
</div>
</div>
</div>
<div id="myStatsModal" class="modal fade">
<div class="modal-dialog">
<div class="modal-content">
@@ -218,7 +195,7 @@ if((time() - $job_check['last_update']['timestamp']) < 259200 && !isset($_SESSIO
<li class="navbar-form navbar-right">
<form method="post">
<div class="form-group">
<input class="form-control" type="text" name="usersuche" placeholder="Search"<?PHP if(isset($getstring)) echo ' value="'.$getstring.'"'; ?>>
<input class="form-control" type="text" name="usersuche" placeholder="Search"<?PHP if(isset($getstring)) echo ' value="'.rawurldecode($getstring).'"'; ?>>
</div>
<button class="btn btn-primary" type="submit" name="username"><span class="glyphicon glyphicon-search" aria-hidden="true"></span></button>
</form>

4
stats/platforms.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();
require_once('../other/config.php');

4
stats/top_all.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();

4
stats/top_month.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();

4
stats/top_week.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();

4
stats/update_graph.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();

4
stats/verify.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();

4
stats/versions.php
View File

@@ -6,7 +6,9 @@ if(in_array('sha512', hash_algos())) {
}
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
ini_set('session.cookie_secure', 1);
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
if(!headers_sent()) {
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;");
}
}
session_start();
require_once('../other/config.php');