<?php
include "./HostFiles/Redirector.php";
include "./Libraries/HTTPLibraries.php";

// Common response headers for every request (presumably provided by HTTPLibraries.php;
// its definition is not visible in this file).
SetHeaders();

// A CORS preflight only needs those headers: acknowledge it and stop before any
// session or body handling runs.
$requestMethod = $_SERVER['REQUEST_METHOD'];
if ('OPTIONS' === $requestMethod) {
    http_response_code(200);
    exit();
}
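include_once './includes/functions.inc.php';
include_once "./includes/dbh.inc.php";
include_once './Libraries/CSRFLibraries.php';
include_once './includes/ModeratorList.inc.php';

session_start();

// No active session: fall back to the persistent-login cookie. loginFromCookie() is
// defined elsewhere and is expected to populate $_SESSION on success.
if (!isset($_SESSION["userid"]) && isset($_COOKIE["rememberMeToken"])) {
    loginFromCookie();
}

// Not authenticated. The status code and content type are sent BEFORE the body:
// once anything has been echoed the headers are already out (unless output
// buffering happens to be enabled), http_response_code() can no longer change
// them, and the client would receive this error with a 200.
if (!isset($_SESSION["useruid"])) {
    header('Content-Type: application/json');
    http_response_code(401);
    echo json_encode(["status" => "error", "message" => "Please login to view this page."]);
    exit;
}

$useruid = $_SESSION["useruid"];

// Authenticated but not a moderator (IsUserModerator() is defined elsewhere,
// presumably ModeratorList.inc.php). This is an authorization failure, so the
// message says so instead of asking an already logged-in user to log in.
if (!IsUserModerator($useruid)) {
    header('Content-Type: application/json');
    http_response_code(403);
    echo json_encode(["status" => "error", "message" => "You do not have permission to use this page."]);
    exit;
}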
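// CSRF token validation is currently disabled for this endpoint.
// NOTE(review): the earlier rationale ("credentials in cookies provide protection")
// is the wrong way round. A cookie-backed session is precisely what a cross-site
// request forgery relies on: the browser attaches the cookie to a form-encoded POST
// regardless of which origin issued it. Whether that is mitigated here depends on
// the session cookie's SameSite attribute and on what SetHeaders() enforces, neither
// of which is visible in this file — confirm one of them, or re-enable the check.
// If it is re-enabled, drop the isset($_POST['csrf_token']) part of the condition:
// as written, the check only runs when a token is present, so a request that simply
// omits the token is never validated. Require the token instead.
/*
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['csrf_token'])) {
    if (!validateCSRFToken($_POST['csrf_token'])) {
        header('Content-Type: application/json');
        echo json_encode(["status" => "error", "message" => "CSRF token validation failed"]);
        http_response_code(403);
        exit;
    }
}
*/

// Accept either a form-encoded body ($_POST) or a JSON body. $postData is always an
// array afterwards so the field lookups below behave the same for both paths.
$postData = $_POST;
if (empty($_POST) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $contentType = $_SERVER['CONTENT_TYPE'] ?? '';
    // Media type names are case-insensitive, so the match ignores case.
    if (stripos($contentType, 'application/json') !== false) {
        $rawBody = file_get_contents('php://input');
        $jsonData = $rawBody === false ? null : json_decode($rawBody, true);
        // Malformed JSON or a top-level scalar (e.g. a bare string) is not a body we
        // can read fields from; treat it as no data rather than passing it on.
        $postData = is_array($jsonData) ? $jsonData : [];
    }
}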
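/**
 * Read one field from a decoded request body.
 *
 * @param string $key     Field name to look up.
 * @param mixed  $default Value returned when the field is absent or not usable.
 * @param mixed  $data    Decoded body; expected to be an array (form data or a JSON object).
 *
 * @return mixed The field's value when it is a scalar, otherwise $default. Callers
 *               in this file pass the result straight to trim(), which throws a
 *               TypeError on arrays in PHP 8, so nested JSON values (arrays/objects)
 *               are mapped to $default here instead of faulting later.
 */
function TryPOSTData($key, $default = "", $data = [])
{
    // A JSON body may decode to a scalar rather than an object; nothing to read then.
    if (!is_array($data)) {
        return $default;
    }
    $value = $data[$key] ?? $default;
    return is_scalar($value) ? $value : $default;
}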
// Every field goes through the same helper so the form-encoded and JSON paths are
// read identically; surrounding whitespace is never meaningful for these values.
$readField = static function ($name) use ($postData) {
    return trim(TryPOSTData($name, "", $postData));
};

$playerToBan       = $readField("playerToBan");
$ipToBan           = $readField("ipToBan");
$playerNumberToBan = $readField("playerNumberToBan");
$usernameToDelete  = $readField("usernameToDelete");

// Assume success until one of the actions below reports otherwise.
$result = ['status' => 'success'];
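// Note: when several fields are supplied in one request, each branch below
// overwrites $result["message"], so only the last action's outcome is reported.

// Ban by player name: append to the line-oriented ban list, then apply the ban.
if ($playerToBan !== "") {
    // The list is one name per line ("\r\n"-terminated). trim() only strips the
    // ends, so a name carrying an embedded line break would be written as several
    // entries. Reject it rather than let request data reshape the file.
    if (strpbrk($playerToBan, "\r\n") !== false) {
        http_response_code(400);
        $result["status"] = "error";
        $result["message"] = "Player name must not contain line breaks.";
    } else {
        $writeResult = file_put_contents('./HostFiles/bannedPlayers.txt', $playerToBan . "\r\n", FILE_APPEND | LOCK_EX);
        if ($writeResult === false) {
            $result["status"] = "error";
            $result["message"] = "Failed to write banned player to file";
        } else {
            // BanPlayer() is defined elsewhere (functions.inc.php, presumably).
            BanPlayer($playerToBan);
            $result["message"] = "Player $playerToBan has been banned.";
        }
    }
}

// Ban by IP: the "ipToBan" field actually carries a game name; the IP is resolved
// from that game's record. ParseGamefile.php is expected to set $hostIP and
// $joinerIP from $gameName. NOTE(review): that include is not visible here — confirm
// it validates $gameName before using it to locate a file on disk.
if ($ipToBan !== "") {
    $gameName = $ipToBan;
    include './MenuFiles/ParseGamefile.php';
    $resolvedIP = $playerNumberToBan === "1" ? ($hostIP ?? null) : ($joinerIP ?? null);
    $ipToBan = is_scalar($resolvedIP) ? (string) $resolvedIP : "";
    // Without this guard an unresolved IP would append an empty line to the list
    // and the response would still claim "IP  has been banned.".
    if ($ipToBan === "") {
        $result["status"] = "error";
        $result["message"] = "Could not resolve an IP for the selected player.";
    } else {
        $writeResult = file_put_contents('./HostFiles/bannedIPs.txt', $ipToBan . "\r\n", FILE_APPEND | LOCK_EX);
        if ($writeResult === false) {
            $result["status"] = "error";
            $result["message"] = "Failed to write banned IP to file";
        } else {
            $result["message"] = "IP $ipToBan has been banned.";
        }
    }
}

// Username deletion is handled by DeleteAccountAPI.php; this endpoint refuses it.
if ($usernameToDelete !== "") {
    $result["status"] = "error";
    $result["message"] = "Please use the proper delete account endpoint.";
}

// Return JSON response for API calls
header('Content-Type: application/json');
echo json_encode($result);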