Add files via upload

2025-04-06 21:25:48 +12:00 · 2021-10-28 17:20:53 +13:00 · 2021-10-28 17:20:53 +13:00 · fb0a78cf76
commit fb0a78cf76
parent c632c19c34
17 changed files with 1808 additions and 1799 deletions
--- a/game-site/account.php
+++ b/game-site/account.php
@ -41,7 +41,7 @@ if(!is_logged_in() && isset($_GET["SLID"], $_GET["C"]))
 	$hmac = GenHmacMessage((string)$id, "CrossSiteLogin");
 	$hmacSent = bin2hex(base64_url_decode($code));
-	if(hash_equals($hmacSent,$hmac))
+	if(hash_equals($hmacSent,$hmac) && userid_exists($dbname, $id))
 	{		
 		$_SESSION['LOGGED_IN'] = "YES";
 		$_SESSION['PLAYER_ID'] = $id;
--- a/game-site/web/crosserver.php
+++ b/game-site/web/crosserver.php
@ -8,7 +8,8 @@ function GenHmacMessage(string $data, string $channel)
 		echo("<h1>Set \$hmac_secret in config.php!</h1>");
 		exit();
 	}
-	$hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mdy'));
+	$secret = $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mdy');
 	$hmac = hash_hmac('sha256', $data, $secret);
 	return $hmac;
 }
@ -221,7 +222,7 @@ function addItemToPuchaseQueue($database, $playerId, $itemId, $itemCount)
 	$stmt->bind_param("iii", $playerId, $itemId, $itemCount);
 	$stmt->execute();
 	$result = $stmt->get_result();
-	
+	mysqli_close($connect);
 }
 function getUserSubbed($database, $id)
@ -233,9 +234,10 @@ function getUserSubbed($database, $id)
 	$stmt->bind_param("i", $id);
 	$stmt->execute();
 	$result = $stmt->get_result();	
 	$subbed =  $result->fetch_row()[0] == "YES";
 	mysqli_close($connect);
-	return $result->fetch_row()[0] == "YES";
+	return $subbed;
 }
 function isUserOnline($database, $id)
@ -249,6 +251,8 @@ function isUserOnline($database, $id)
 	$stmt->execute();
 	$result = $stmt->get_result();
 	$count = intval($result->fetch_row()[0]);
 	mysqli_close($connect);
 	return $count>0;	
 }
@ -258,7 +262,9 @@ function getNoModPlayersOnlineInServer($database)
 	$dbname = $database;
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES' OR Admin='YES'");
-	return $onlineModerators->fetch_row()[0];
+	$num = $onlineModerators->fetch_row()[0];
 	mysqli_close($connect);
 	return $num;
 }
 function getServerById(string $id)
@ -283,6 +289,8 @@ function userid_exists(string $database, string $userid)
 	$stmt->execute();
 	$result = $stmt->get_result();
 	$count = intval($result->fetch_row()[0]);
 	mysqli_close($connect);
 	return $count>0;
 }
@ -294,8 +302,8 @@ function createAccountOnServer(string $database)
 	$id = intval($_SESSION['PLAYER_ID']);
 	$username = $_SESSION['USERNAME'];
 	$sex = $_SESSION['SEX'];
-	$admin = $_SESSION['ADMIN'];
+	$admin = ($_SESSION['ADMIN'] ? "YES" : "NO");
-	$mod = $_SESSION['MOD'];
+	$mod = ($_SESSION['MOD'] ? "YES" : "NO");
 	$passhash = $_SESSION['PASSWORD_HASH'];
 	$salt = $_SESSION['SALT'];
@ -304,6 +312,7 @@ function createAccountOnServer(string $database)
 	$stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)"); 
 	$stmt->bind_param("issssss", $id, $username, $passhash, $salt, $sex, $admin, $mod);
 	$stmt->execute();
 	mysqli_close($connect);
 }
 # Global Functions