mirror/litebans-php
1
0
Fork 0
mirror of https://gitlab.com/ruany/litebans-php.git synced 2025-05-23 00:19:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Support Content Security Policy (CSP)

Browse Source
This commit is contained in:
ruan 2024-08-10 23:36:27 +02:00
parent afabb58c18
commit b079b0f954
12 changed files with 84 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
check.php
View File

@ -35,7 +35,7 @@ class Check {
if (!isset($uuid)) {
if (filter_var($name, FILTER_VALIDATE_FLOAT)) {
echo "<br>";
redirect($page->link("info.php?type=$type&id=$name"));
$page->redirect($page->link("info.php?type=$type&id=$name"), true, false);
return;
}
$name = htmlspecialchars($name, ENT_QUOTES);
@ -50,9 +50,9 @@ class Check {
}
echo "<br>";
redirect($page->link($href));
$page->redirect($page->link($href), true, false);
} catch (PDOException $ex) {
$page->db->handle_error($page->settings, $ex);
$page->db->handle_error($page, $ex);
}
}

20
error/tables-not-found.php
View File

@ -41,26 +41,6 @@
<br>
- Ensure that you are using the latest version of LiteBans.
<br>
<?php
echo("<br>Database tables:");
$db = new Database($settings, true, false);
try {
$st = $db->conn->query("SELECT * FROM " . $settings->table['bans'] . " LIMIT 1;");
$st->fetch();
$st->closeCursor();
} catch (PDOException $e) {
$st = $db->conn->query("SHOW TABLES;");
$st->execute();
$rows = $st->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
foreach ($row as $k => $v) {
echo("<br> - $v");
}
}
$st->closeCursor();
}
?>
</div>
<br>
<a href="../" class="btn btn-primary">Try Again</a>

2
history.php
View File

@ -266,5 +266,5 @@ try {
$page->print_footer();
} catch (PDOException $ex) {
$page->db->handle_error($page->settings, $ex);
$page->db->handle_error($page, $ex);
}

4
inc/css/custom.css
View File

@ -71,6 +71,10 @@ tr.hover {
text-align: left;
}
.litebans-check-btn {
margin-left: 5px;
}
.litebans-check-form {
margin-left: 15px;
}

18
inc/database.php
View File

@ -4,15 +4,16 @@
class Database {
public static $TRUE = "1", $FALSE = "0";
public function __construct(Settings $settings, $connect, $verify) {
public function __construct(Page $page, $connect, $verify) {
if ($connect) {
$this->connect($settings, $verify);
$this->connect($page, $verify);
} else {
$this->conn = null;
}
}
function connect(Settings $cfg, $verify = true) {
function connect(Page $page, $verify = true) {
$cfg = $page->settings;
$driver = $cfg->driver;
$host = $cfg->host;
$port = $cfg->port;
@ -41,7 +42,7 @@ class Database {
}
if ($username === "" && $password === "") {
redirect("error/unconfigured.php");
$page->redirect("error/unconfigured.php");
}
$dsn = "$driver:dbname=$database;host=$host;port=$port";
@ -84,7 +85,8 @@ class Database {
* @param $e Exception
* @throws Exception
*/
function handle_error(Settings $cfg, Exception $e) {
function handle_error(Page $page, Exception $e) {
$cfg = $page->settings;
if ($cfg->error_throw) throw $e;
$message = 'Database error: ' . $e->getMessage();
@ -92,7 +94,7 @@ class Database {
if (strstr($message, "Access denied for user")) {
$param = "";
if ($cfg->error_reporting) $param = "?error=" . base64_encode($e->getMessage());
redirect("error/access-denied.php$param");
$page->redirect("error/access-denied.php$param");
}
if (strstr($message, "Base table or view not found:") || strstr($message, "Unknown column")) {
try {
@ -100,9 +102,9 @@ class Database {
$st->fetch();
$st->closeCursor();
} catch (PDOException $e) {
redirect("error/tables-not-found.php");
$page->redirect("error/tables-not-found.php");
}
redirect("error/outdated-plugin.php");
$page->redirect("error/outdated-plugin.php");
}
}
if (!$cfg->error_reporting) $message = "Database error";

2
inc/footer.php
View File

@ -1,3 +1,3 @@
<script src="<?php echo $this->resource('inc/js/jquery-3.5.1.min.js'); ?>"></script>
<script src="<?php echo $this->resource('inc/js/bootstrap.min.js'); ?>"></script>
<?php echo "</html>"; ?>
</html>

10
inc/header.php
View File

@ -71,7 +71,7 @@ if ($page->settings->header_show_totals) {
'kicks.php' => $row[3],
);
} catch (PDOException $ex) {
$page->db->handle_error($page->settings, $ex);
$page->db->handle_error($page, $ex);
}
}
?>
@ -87,14 +87,6 @@ if ($page->settings->header_show_totals) {
<link href="<?php echo $this->page->resource('inc/css/bootstrap.min.css'); ?>" rel="stylesheet">
<link href="<?php echo $this->page->resource('inc/css/glyphicons.min.css'); ?>" rel="stylesheet">
<link href="<?php echo $this->page->resource('inc/css/custom.css'); ?>" rel="stylesheet">
<script type="text/javascript">
function withjQuery(tries, f) {
if (window.jQuery) f();
else if (tries > 0) window.setTimeout(function () {
withjQuery(tries - 1, f);
}, 100);
}
</script>
</head>

12
inc/init.php
View File

@ -1,12 +0,0 @@
<?php
function redirect($url, $showtext = true) {
if ($showtext === true) {
echo "<a href=\"$url\">Redirecting...</a>";
}
die("<script data-cfasync=\"false\" type=\"text/javascript\">document.location=\"$url\";</script>");
}
if (!extension_loaded("pdo_mysql") || !extension_loaded("intl")) {
redirect("error/missing-extensions.php");
}

20
inc/js/form.js Normal file
View File

@ -0,0 +1,20 @@
var captureForm = function (b) {
var o = $(".litebans-check-output");
o.removeClass("show");
var x = setTimeout(function () {
o.html("<br>")
}, 150);
$.ajax({type: "GET", url: $("#form-link").val() + "?name=" + $("#user").val() + "&table=" + $("#form-table").val()}).done(function (c) {
clearTimeout(x);
o.html(c);
o.addClass("show")
var url = document.getElementById("redirect-url");
if (url !== null) {
document.location = url.value;
}
});
b.preventDefault();
return false
};
document.getElementById("check").addEventListener("submit", captureForm)

4
inc/js/redirect.js Normal file
View File

@ -0,0 +1,4 @@
var url = document.getElementById("redirect-url");
if (url !== null) {
document.location = url.value;
}

15
inc/js/table.js Normal file
View File

@ -0,0 +1,15 @@
function withjQuery(tries, f) {
if (window.jQuery) f();
else if (tries > 0) window.setTimeout(function () {
withjQuery(tries - 1, f);
}, 100);
}
withjQuery(30, function () {
$('tr').click(function () {
var href = $(this).find('a').attr('href');
if (href !== undefined) window.location = href;
}).hover(function () {
$(this).toggleClass('hover');
});
});

35
inc/page.php
View File

@ -1,5 +1,4 @@
<?php
require_once './inc/init.php';
#[AllowDynamicProperties]
class Page {
@ -23,12 +22,17 @@ class Page {
} else {
$this->lang = new en_US();
}
$this->db = new Database($cfg, $connect, !($cfg instanceof EnvSettings));
$this->settings = $cfg;
if (!extension_loaded("pdo_mysql") || !extension_loaded("intl")) {
$this->redirect("error/missing-extensions.php");
}
$this->db = new Database($this, $connect, !($cfg instanceof EnvSettings));
$this->formatter = new IntlDateFormatter($cfg->lang, IntlDateFormatter::LONG, IntlDateFormatter::NONE, $cfg->timezone, IntlDateFormatter::GREGORIAN, $cfg->date_format);
$this->conn = $this->db->conn;
$this->settings = $cfg;
$this->uuid_name_cache = array();
$this->name = $name;
@ -201,7 +205,7 @@ class Page {
return $rows;
} catch (PDOException $ex) {
$this->db->handle_error($this->settings, $ex);
$this->db->handle_error($this, $ex);
return array();
}
}
@ -247,7 +251,7 @@ class Page {
$uuidDashed = $uuid;
$uuid = $this->uuid_undashify($uuid);
$src = str_replace(array('{uuid}','{uuidDashed}', '{name}'), array($uuid, $uuidDashed, $name), $avatar_source);
$src = str_replace(array('{uuid}', '{uuidDashed}', '{name}'), array($uuid, $uuidDashed, $name), $avatar_source);
if (in_array($name, $this->settings->console_aliases) || $name === $this->settings->console_name) {
$src = $this->resource($this->settings->console_image);
$name = $this->settings->console_name;
@ -430,6 +434,16 @@ class Page {
return ($millis > $until);
}
function redirect($url, $showtext = true, $script = true) {
if ($showtext === true) {
echo "<a href=\"$url\">Redirecting...</a>";
}
echo("<input type=\"hidden\" id=\"redirect-url\" value=\"$url\">");
if ($script) {
die("<script src={$this->resource('inc/js/redirect.js')}></script>");
} else die;
}
/**
* Returns true if a string should be treated as a UUID.
* @param $str
@ -542,18 +556,19 @@ class Page {
echo '
<div class="row litebans-check">
<div class="litebans-check litebans-check-form">
<form action="check.php" onsubmit="captureForm(event);" class="form-inline">
<form action="check.php" class="form-inline" id="check">
<div class="form-group">
<input type="text" class="form-control" name="name" id="user" placeholder="' . $this->t("generic.player-name") . '">
</div>
<input type="hidden" name="table" value="' . $this->name . '">
<button type="submit" class="btn btn-primary" style="margin-left: 5px;">' . $this->t("action.check") . '</button>
<input type="hidden" name="table" id="form-table" value="' . $this->name . '">
<input type="hidden" name="link" id="form-link" value="' . $link . '">
<button type="submit" class="btn btn-primary litebans-check-btn">' . $this->t("action.check") . '</button>
</form>
</div>
<script type="text/javascript">function captureForm(b){var o=$(".litebans-check-output");o.removeClass("show");var x=setTimeout(function(){o.html("<br>")}, 150);$.ajax({type:"GET",url:"' . $link . '?name="+$("#user").val()+"&table=' . $table . '"}).done(function(c){clearTimeout(x);o.html(c);o.addClass("show")});b.preventDefault();return false};</script>
</div>
<div class="litebans-check litebans-check-output fade" class="success fade" data-alert="alert"></div>
<p class="noselect"></p>
<script src="' . $this->resource('inc/js/form.js') . '"></script>
';
}
@ -653,7 +668,7 @@ class Page {
function table_end($clicky = true) {
echo '</table>';
if ($clicky) {
echo "<script type=\"text/javascript\">withjQuery(30,function(){ $('tr').click(function(){var href=$(this).find('a').attr('href');if(href!==undefined)window.location=href;}).hover(function(){\$(this).toggleClass('hover');}); });</script>";
echo "<script src={$this->resource('inc/js/table.js')}></script>";
}
}