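/*
============
Cmd_List_f

Prints the name of every registered command the current invoker is allowed
to use, one per line, followed by the number of names printed.
If an argument is given it is used as a filter pattern (Com_Filter) and only
matching names are listed.
============
*/
static void Cmd_List_f( void )
{
	cmd_function_t *cmd;
	char *match;
	int invokerPower;
	int invokerClnum;
	int count;

	match = ( Cmd_Argc() > 1 ) ? Cmd_Argv( 1 ) : NULL;

	/* The invoker does not change while the list is walked. */
	invokerPower = Cmd_GetInvokerPower();
	invokerClnum = Cmd_GetInvokerClnum();

	count = 0;
	for ( cmd = cmd_functions ; cmd ; cmd = cmd->next )
	{
		/*
		 * The name filter is independent of permissions. The original folded
		 * it into the permission test, so a command with a per-player grant
		 * was printed even when it did not match the filter.
		 */
		if ( match && !Com_Filter( match, (char*)cmd->name, qfalse ) )
		{
			continue;
		}

		/*
		 * Hide commands the invoker lacks the power for. A minPower of 0 is
		 * shown only to power 100 (presumably "no power assigned yet";
		 * confirm against Cmd_GetPower). A per-player grant from
		 * Auth_CanPlayerUseCommand overrides either restriction.
		 */
		if ( invokerPower < cmd->minPower || ( cmd->minPower == 0 && invokerPower != 100 ) )
		{
			if ( !Auth_CanPlayerUseCommand( invokerClnum, (char*)cmd->name ) )
			{
				continue;
			}
		}

		Com_Printf( "%s\n", cmd->name );
		count++;
	}
	Com_Printf( "%i commands\n", count );
}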
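/*
 * Executes one console command submitted through the web admin page and
 * redirects everything it prints into xmlobj (via Webadmin_FlushRedirect).
 *
 * xmlobj   XML/HTML output buffer of the page being built
 * command  command line as submitted by the user (untrusted text)
 * uid      UID of the logged-in admin; its power decides what may run
 *
 * Users with power >= 100 have the command line executed as submitted.
 * For everyone else the command name is extracted, looked up with
 * Cmd_GetPower() and executed only if it is a registered command whose
 * minimum power does not exceed the user's power.
 */
void Webadmin_ConsoleCommand(xml_t* xmlobj, const char* command, int uid)
{
	char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
	char buffer[960];
	char cmd[48];
	int power, powercmd, oldpower, oldinvokeruid, oldinvokerclnum, i;

	if((power = Auth_GetClPowerByUID(uid)) < 100)
	{
		/* Isolate the command name: everything up to the first space, newline or NUL */
		i = 0;
		while ( command[i] != ' ' && command[i] != '\0' && command[i] != '\n' && i < 32 ){
			i++;
		}
		/* Names shorter than 3 or longer than 29 characters are dropped silently */
		if(i > 29 || i < 3)
		{
			return;
		}
		Q_strncpyz(cmd, command, i + 1);

		/*
		 * Work on a bounded copy and cut it at the first separator character,
		 * so that a single permitted command cannot carry a second,
		 * privileged one behind ';' or a line break.
		 */
		Q_strncpyz(buffer, command, sizeof(buffer));
		Q_strchrrepl(buffer, ';', '\0');
		Q_strchrrepl(buffer, '\n', '\0');
		Q_strchrrepl(buffer, '\r', '\0');

		powercmd = Cmd_GetPower(cmd);

		/*
		 * Cmd_GetPower() reports an unknown name as -1 (SV_ExecuteRemoteCmd
		 * rejects that value as "Invalid command"). Without this check -1
		 * passes the "powercmd > power" test below and text that was never
		 * authorised as a command would reach the executor. Only registered
		 * commands with a known minimum power may run for a limited user.
		 */
		if(powercmd == -1)
		{
			XA(" Invalid command! ");
			return;
		}

		if(powercmd > power)
		{
			XA(" Insufficient permissions! ");
			return;
		}

		/* start redirecting all print outputs to the page */
		xmlobjFlush = xmlobj;

		/* Run the command under the web user's identity, then restore the previous invoker */
		oldpower = Cmd_GetInvokerPower();
		oldinvokeruid = Cmd_GetInvokerUID();
		oldinvokerclnum = Cmd_GetInvokerClnum();
		Cmd_SetCurrentInvokerInfo(uid, power, -1);

		Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
		Cmd_ExecuteSingleCommand(0,0, buffer);

		Cmd_SetCurrentInvokerInfo(oldinvokeruid, oldpower, oldinvokerclnum);
	}else{
		/* Full power: the command line is executed unfiltered */
		xmlobjFlush = xmlobj;
		Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
		Cmd_ExecuteSingleCommand(0,0, command);
#ifdef PUNKBUSTER
		if(!Q_stricmpn(command, "pb_sv_", 6))
		{
			PbServerForceProcess();
		}
#endif
	}

	Com_EndRedirect();
	xmlobjFlush = NULL;
}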
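/*
 * Executes one console command submitted through the web admin page and
 * redirects everything it prints into xmlobj (via Webadmin_FlushRedirect).
 *
 * xmlobj   XML/HTML output buffer of the page being built
 * command  command line as submitted by the user (untrusted text)
 * steamid  SteamID of the logged-in admin (not read in this function)
 *
 * The power is taken from the current invoker info, so the caller must have
 * set it for the web user with Cmd_SetCurrentInvokerInfo() before calling.
 * Power >= 100 executes the command line as submitted. Anything lower may
 * only run a registered command whose minimum power it meets.
 */
void Webadmin_ConsoleCommand(xml_t* xmlobj, const char* command, uint64_t steamid)
{
	char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
	char buffer[960];
	char cmd[48];
	int power, i, powercmd;

	power = Cmd_GetInvokerPower();

	if(power < 100)
	{
		/* Isolate the command name: everything up to the first space, newline or NUL */
		i = 0;
		while ( command[i] != ' ' && command[i] != '\0' && command[i] != '\n' && i < 32 ){
			i++;
		}
		/* Names shorter than 3 or longer than 29 characters are dropped silently */
		if(i > 29 || i < 3)
		{
			return;
		}
		Q_strncpyz(cmd, command, i + 1);

		/*
		 * Work on a bounded copy and cut it at the first separator character,
		 * so that a single permitted command cannot carry a second,
		 * privileged one behind ';' or a line break.
		 */
		Q_strncpyz(buffer, command, sizeof(buffer));
		Q_strchrrepl(buffer, ';', '\0');
		Q_strchrrepl(buffer, '\n', '\0');
		Q_strchrrepl(buffer, '\r', '\0');

		powercmd = Cmd_GetPower(cmd);

		/*
		 * Cmd_GetPower() reports an unknown name as -1 (SV_ExecuteRemoteCmd
		 * rejects that value as "Invalid command"). Without this check -1
		 * passes the "powercmd > power" test below and text that was never
		 * authorised as a command would reach the executor. Only registered
		 * commands with a known minimum power may run for a limited user.
		 */
		if(powercmd == -1)
		{
			XA(" Invalid command! ");
			return;
		}

		if(powercmd > power)
		{
			XA(" Insufficient permissions! ");
			return;
		}

		/* start redirecting all print outputs to the page */
		xmlobjFlush = xmlobj;
		Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
		Cmd_ExecuteSingleCommand(0,0, buffer);
	}else{
		/* Full power: the command line is executed unfiltered */
		xmlobjFlush = xmlobj;
		Com_BeginRedirect (sv_outputbuf, SV_OUTPUTBUF_LENGTH, Webadmin_FlushRedirect);
		Cmd_ExecuteSingleCommand(0,0, command);
	}

	Com_EndRedirect();
	xmlobjFlush = NULL;
}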
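/*
 * Renders the HTML page for one web-server request into msg.
 *
 * msg                  output message; the page is written into msg->data
 *                      (at most msg->maxsize bytes) and msg->cursize is set
 * username             name of the logged-in user, NULL or "" if not logged in
 * invalidloginattempt  passed through to the login form
 * banmsg               passed through to the login form
 * url                  request URL; selects /webadmin, /status or the index
 * values               parsed POST form values of the request
 *
 * For a logged-in user on /webadmin the "action" URL parameter is
 * dispatched here (logout, sendcmd, banclient, kickclient). The admin
 * actions run with the invoker info switched to the web user and restored
 * afterwards.
 */
void Webadmin_BuildMessage(msg_t* msg, const char* username, qboolean invalidloginattempt, const char* banmsg, const char* url, httpPostVals_t* values)
{
	xml_t xmlbase;
	xml_t* xmlobj = &xmlbase;
	char actionval[64];
	char colorbuf[2048];
	const char *postval;
	char netadrstr[128];
	uint64_t steamid;
	int power, oldpower, oldinvokerclnum;
	uint64_t oldinvokersteamid;
	char oldinvokername[64];
	const char* name;

	XML_Init(xmlobj, (char*)msg->data, msg->maxsize, "ISO-8859-1");

	XO("html");
		XO("head");
			XO("title");
				XA("CoD4X Web Server");
			XC;
			XO2("link","href","/files/webadmin.css","rel","stylesheet");XC;
		XC;
		XO("body");
			XO1("div","class","container");
				XO1("div","class","page-header");
					XO("h1");
						XA("CoD4 X v1.8");
						XO("small");
							XA(" Web Server");
						XC;
					XC;
					XO("h3");
						XA(Webadmin_ConvertToHTMLColor(sv_hostname->string, colorbuf, sizeof(colorbuf)));
						XA(" ");
						XA(sv_mapname->string);
					XC;
				XC;

				if(!Q_strncmp(url, "/webadmin", 9))
				{
					if(username == NULL || username[0] == '\0')
					{
						/* Not logged in: only the login form is shown */
						Webadmin_BuildLoginForm(xmlobj, invalidloginattempt, banmsg);
					}else {
						steamid = Auth_GetSteamID(username);

						if(!Q_strncmp(url +9, "/listadmins", 11))
						{
							Webadmin_BuildAdminList(xmlobj, steamid);
						}else {
							XO1("div","class","loginusername");
								XO1("span","class","label label-primary");
									/*
									 * NOTE(review): XA() is also used for raw markup below, so
									 * username appears to be written unescaped. Confirm that
									 * account names cannot contain HTML metacharacters, or
									 * escape the name before output.
									 */
									XA("Logged in as: ");XA(username);XA(". ");
									XO2("a","href","/webadmin/?action=logout","style","color: #fff");
										XA("Log Out");
									XC;
								XC;
							XC;

							XO1("div", "class", "col-lg-6 right_line");
								XO("h3");XA("Server Status");XC;
								XO("hr");XC;
								Webadmin_BuildServerStatus(xmlobj, qtrue);
							XC;

							XO1("div", "class", "col-lg-6 left_line");
								XO("h3");XA("Command Console");XC;
								XO("hr");XC;

								/*
								 * NOTE(review): the state-changing actions below are selected
								 * by a URL parameter and no per-session request token is
								 * checked in this function. Confirm that the session layer
								 * protects against cross-site requests.
								 */
								if(Webadmin_GetUrlVal( url, "action", actionval, sizeof(actionval)))
								{
									if (strcmp(actionval, "logout") == 0)
									{
										Auth_WipeSessionId(username);
									}else{
										/* Save the current invoker, then act as the web user */
										oldpower = Cmd_GetInvokerPower();
										oldinvokerclnum = Cmd_GetInvokerClnum();
										oldinvokersteamid = Cmd_GetInvokerSteamID();
										Cmd_GetInvokerName(oldinvokername, sizeof(oldinvokername));

										power = Auth_GetClPowerBySteamID(steamid);
										name = Auth_GetNameBySteamID(steamid);
										Cmd_SetCurrentInvokerInfo(power, -1, steamid, name);

										if(strcmp(actionval, "sendcmd") == 0){
											postval = HTTP_GetFormDataItem(values, "consolecommand");
											/*
											 * A request can carry action=sendcmd without the form
											 * field. Whether the lookup then yields NULL or ""
											 * is not visible here, so accept neither.
											 */
											if(postval != NULL && postval[0]){
												XO1("div","class","well");
													Webadmin_ConsoleCommand(xmlobj, postval, steamid);
												XC;
											}
										}else if(strcmp(actionval, "banclient") == 0){
											Webadmin_BanClient(xmlobj, values, steamid);
										}else if(strcmp(actionval, "kickclient") == 0){
											Webadmin_KickClient(xmlobj, values, steamid);
										}

										/* Always restore the previous invoker */
										Cmd_SetCurrentInvokerInfo(oldpower, oldinvokerclnum, oldinvokersteamid, oldinvokername);
									}
								}

								XO5("form", "name", "input", "action", "webadmin?action=sendcmd", "method", "post", "class","form-control","id","con_form");
									XA("<label for=\"consolecommand\">Send Command</label> <input type=\"text\" name=\"consolecommand\" id=\"consolecommand\">");
									XA("<button class=\"givesomespace btn btn-primary btn-xs\" type=\"submit\">Send Command</button>");
								XC;
							XC;
						}
					}
				}else if(!Q_strncmp(url, "/status", 7)){
					XO("h3");XA("Server Status");XC;
					XO("hr");XC;
					Webadmin_BuildServerStatus(xmlobj,qfalse);
				}else {
					/* Index page: links to the two sections */
					XO1("h3","align","center");
						XA("Where do you want to go?");
					XC;
					XO1("div","align","center");
						XA("<a href=\"/webadmin\" class=\"btn btn-primary givesomespace\">Web Admin</a>");
						XA("<a href=\"/status\" class=\"btn btn-primary givesomespace\">Server Status</a>");
					XC;
				}

				XO("p");
					XA("Net: ");
					XA(NET_GetHostAddress(netadrstr, sizeof(netadrstr)));
				XC;
			XC;
		XC;
	XC;

	msg->cursize = xmlobj->bufposition;
}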
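/*
 * Formats an administrative log entry and hands it to
 * Com_PrintAdministrativeLog().
 *
 * The entry has the form
 *   "<local time> - Admin <uid> with <power> power <message>\n"
 * where uid and power come from the current command invoker and <message>
 * is the printf-style expansion of fmt and its arguments.
 *
 * NOTE(review): the expanded message is written as given. If callers pass
 * player-controlled text (names, command arguments), an embedded line break
 * would start a new, forged-looking log line. Confirm that callers strip
 * control characters.
 */
void QDECL SV_PrintAdministrativeLog( const char *fmt, ... )
{
	va_list argptr;
	char msg[MAXPRINTMSG];
	char inputmsg[MAXPRINTMSG];
	struct tm *newtime;
	char *ltime;
	const char *stamp;
	size_t len;
	time_t realtime;

	va_start (argptr, fmt);
	Q_vsnprintf (inputmsg, sizeof(inputmsg), fmt, argptr);
	va_end (argptr);

	Com_UpdateRealtime();
	realtime = Com_GetRealtime();

	/*
	 * localtime() and asctime() can return NULL. The original dereferenced
	 * the result unconditionally. Fall back to a fixed marker so the log
	 * entry is still written.
	 */
	stamp = "unknown time";
	newtime = localtime( &realtime );
	ltime = newtime ? asctime( newtime ) : NULL;
	if ( ltime != NULL )
	{
		len = strlen( ltime );
		if ( len > 0 )
		{
			/* asctime() terminates its result with '\n'; drop it */
			ltime[len - 1] = 0;
		}
		stamp = ltime;
	}

	Com_sprintf(msg, sizeof(msg), "%s - Admin %i with %i power %s\n", stamp, Cmd_GetInvokerUID(), Cmd_GetInvokerPower(), inputmsg);

	/*
	 * NOTE(review): msg already contains caller-supplied text. If
	 * Com_PrintAdministrativeLog() treats its argument as a printf format,
	 * it should be called with "%s" instead. Confirm its signature.
	 */
	Com_PrintAdministrativeLog( msg );
}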
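/*
 * Executes a console command sent by a connected client, provided the
 * client's power is sufficient, and sends the output back to that client.
 *
 * clientnum  slot of the invoking client (0..63)
 * msg        command line as sent by the client (untrusted text)
 *
 * Returns qfalse if the client number is out of range, the command name has
 * an unacceptable length or the command is unknown. Returns qtrue if the
 * command was executed or was refused for insufficient power.
 */
qboolean SV_ExecuteRemoteCmd(int clientnum, const char *msg)
{
	char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
	char cmd[30];
	char buffer[256];
	char *printPtr;
	int i = 0;
	int k;
	int powercmd;
	int power;
	int oldinvokeruid, oldinvokerpower, oldinvokerclnum;
	client_t *cl;
	qboolean critcmd;

	if(clientnum < 0 || clientnum > 63)
	{
		return qfalse;
	}
	cl = &svs.clients[clientnum];
	redirectClient = cl;

	/* Isolate the command name: everything up to the first space, newline or NUL */
	while ( msg[i] != ' ' && msg[i] != '\0' && msg[i] != '\n' && i < 32 ){
		i++;
	}
	/* cmd holds 29 characters plus the terminator; names under 3 characters are refused */
	if(i > 29 || i < 3)
	{
		return qfalse;
	}
	Q_strncpyz(cmd, msg, i + 1);

	/*
	 * Map the client-side alias names to the registered command names so
	 * that the power lookup below finds them. The text that is executed is
	 * still the original line in buffer.
	 */
	if(!Q_stricmpn(cmd, "auth", 4)){
		if(!Q_stricmp(cmd, "authChangePassword"))
		{
			Q_strncpyz(cmd, "changePassword", sizeof(cmd));
		}
		else if(!Q_stricmp(cmd, "authSetAdmin"))
		{
			Q_strncpyz(cmd, "AdminAddAdminWithPassword", sizeof(cmd));
		}
		else if(!Q_stricmp(cmd, "authUnsetAdmin"))
		{
			Q_strncpyz(cmd, "AdminRemoveAdmin", sizeof(cmd));
		}
		else if(!Q_stricmp(cmd, "authListAdmins"))
		{
			Q_strncpyz(cmd, "adminListAdmins", sizeof(cmd));
		}
	}else if(!Q_stricmp(cmd, "cmdpowerlist")){
		Q_strncpyz(cmd, "AdminListCommands", sizeof(cmd));
	}else if(!Q_stricmp(cmd, "setCmdMinPower")){
		Q_strncpyz(cmd, "AdminChangeCommandPower", sizeof(cmd));
	}

	/*
	 * Work on a bounded copy and cut it at the first separator character,
	 * so that a single permitted command cannot carry a second, privileged
	 * one behind ';' or a line break.
	 */
	Q_strncpyz(buffer, msg, sizeof(buffer));
	Q_strchrrepl(buffer, ';', '\0');
	Q_strchrrepl(buffer, '\n', '\0');
	Q_strchrrepl(buffer, '\r', '\0');

	power = Auth_GetClPower(cl);
	powercmd = Cmd_GetPower(cmd);

	/*
	 * Commands that carry a password must never be echoed or logged with
	 * their arguments. The original used a case-sensitive strstr() for
	 * "password", which matches neither "changePassword" nor
	 * "AdminAddAdminWithPassword" (capital P), so those command lines,
	 * credentials included, reached the server log and the echo.
	 * Compare case-insensitively instead.
	 */
	critcmd = qfalse;
	for(k = 0; cmd[k] != '\0'; k++)
	{
		if(!Q_stricmpn(&cmd[k], "password", 8))
		{
			critcmd = qtrue;
			break;
		}
	}
	printPtr = critcmd ? "hiddencmd" : buffer;

	if(powercmd == -1){
		SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Invalid command invoked - Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr);
		return qfalse;
	}
	if(powercmd > power){
		SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\n^3Command execution failed - Insufficient power to execute this command.\n^3You need at least ^6%i ^3powerpoints to invoke this command.\n^3Type ^2$cmdlist ^3to get a list of all available commands\"", printPtr, powercmd);
		return qtrue;
	}

	Com_Printf( "Command execution: %s   Invoked by: %s   InvokerUID: %i Power: %i\n", printPtr, cl->name, cl->uid, power);

	/* start redirecting all print outputs to the client */
	Com_BeginRedirect(sv_outputbuf, SV_OUTPUTBUF_LENGTH, SV_ReliableSendRedirect);

	/*
	 * Run the command under the client's identity and restore the previous
	 * invoker afterwards. The client number is saved as well. The original
	 * reset it to -1 regardless of what it was before.
	 */
	oldinvokeruid = Cmd_GetInvokerUID();
	oldinvokerpower = Cmd_GetInvokerPower();
	oldinvokerclnum = Cmd_GetInvokerClnum();

	Cmd_SetCurrentInvokerInfo(cl->uid, power, clientnum);

	Cmd_ExecuteSingleCommand( 0, 0, buffer );
#ifdef PUNKBUSTER
	if(!Q_stricmpn(buffer, "pb_sv_", 6))
	{
		PbServerForceProcess();
	}
#endif

	/* Echo the command back, except when it carries a password */
	if(!critcmd)
	{
		SV_SendServerCommand(redirectClient, "e \"^5Command^2: %s\"", buffer);
	}

	Cmd_SetCurrentInvokerInfo(oldinvokeruid, oldinvokerpower, oldinvokerclnum);

	Com_EndRedirect();
	return qtrue;
}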