Add files via upload

2025-04-06 21:25:48 +12:00 · 2021-10-28 17:19:13 +13:00 · 2021-10-28 17:19:13 +13:00 · c632c19c34
commit c632c19c34
parent 9b7a81ceee
34 changed files with 7883 additions and 7874 deletions
--- a/master-site/crosserver.php
+++ b/master-site/crosserver.php
@ -8,7 +8,8 @@ function GenHmacMessage(string $data, string $channel)
 		echo("<h1>Set \$hmac_secret in config.php!</h1>");
 		exit();
 	}
-	$hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mdy'));
+	$secret = $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mdy');
 	$hmac = hash_hmac('sha256', $data, $secret);
 	return $hmac;
 }
@ -221,7 +222,7 @@ function addItemToPuchaseQueue($database, $playerId, $itemId, $itemCount)
 	$stmt->bind_param("iii", $playerId, $itemId, $itemCount);
 	$stmt->execute();
 	$result = $stmt->get_result();
-	
+	mysqli_close($connect);
 }
 function getUserSubbed($database, $id)
@ -233,9 +234,10 @@ function getUserSubbed($database, $id)
 	$stmt->bind_param("i", $id);
 	$stmt->execute();
 	$result = $stmt->get_result();	
 	$subbed =  $result->fetch_row()[0] == "YES";
 	mysqli_close($connect);
-	return $result->fetch_row()[0] == "YES";
+	return $subbed;
 }
 function isUserOnline($database, $id)
@ -249,6 +251,8 @@ function isUserOnline($database, $id)
 	$stmt->execute();
 	$result = $stmt->get_result();
 	$count = intval($result->fetch_row()[0]);
 	mysqli_close($connect);
 	return $count>0;	
 }
@ -258,7 +262,9 @@ function getNoModPlayersOnlineInServer($database)
 	$dbname = $database;
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES' OR Admin='YES'");
-	return $onlineModerators->fetch_row()[0];
+	$num = $onlineModerators->fetch_row()[0];
 	mysqli_close($connect);
 	return $num;
 }
 function getServerById(string $id)
@ -283,6 +289,8 @@ function userid_exists(string $database, string $userid)
 	$stmt->execute();
 	$result = $stmt->get_result();
 	$count = intval($result->fetch_row()[0]);
 	mysqli_close($connect);
 	return $count>0;
 }
@ -294,8 +302,8 @@ function createAccountOnServer(string $database)
 	$id = intval($_SESSION['PLAYER_ID']);
 	$username = $_SESSION['USERNAME'];
 	$sex = $_SESSION['SEX'];
-	$admin = $_SESSION['ADMIN'];
+	$admin = ($_SESSION['ADMIN'] ? "YES" : "NO");
-	$mod = $_SESSION['MOD'];
+	$mod = ($_SESSION['MOD'] ? "YES" : "NO");
 	$passhash = $_SESSION['PASSWORD_HASH'];
 	$salt = $_SESSION['SALT'];
@ -304,6 +312,7 @@ function createAccountOnServer(string $database)
 	$stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)"); 
 	$stmt->bind_param("issssss", $id, $username, $passhash, $salt, $sex, $admin, $mod);
 	$stmt->execute();
 	mysqli_close($connect);
 }
 # Global Functions
--- a/master-site/joinserver.php
+++ b/master-site/joinserver.php
@ -18,7 +18,7 @@ if(isset($_GET['SERVER']))
 			{				
 				createAccountOnServer($server['database']);
-				$hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin".$_SERVER['REMOTE_ADDR'].date('m/d/Y'));
+				$hmac = GenHmacMessage((string)$playerId, "CrossSiteLogin");
 				$redirectUrl = $server['site'];
 				if(!endsWith($redirectUrl, '/'))