allowed groups function does not work

Joined
Oct 1, 2017
Messages
141
Likes
42
Points
44
Age
20
Location
Brasil
#1
Hello, this script has a permissible groups function, but it does not work ... it accepts all groups even by configuring the allowed groups in config.php

PHP:
    try {

            $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
            $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
            

            $client = $ts3_VirtualServer->clientGetByUid($request->uuid);
            $groups = $client["client_servergroups"];
            $group_matches = 0;

            foreach($allowed_groups as $g)
            {
                    $client_nickname = $client->client_nickname;
                    $channelname = $request->channelname;
                    $unixTime = time();
                    $realTime = date('[d-m-Y]-[H:i]',$unixTime);
                if(in_array($g, $allowed_groups))
                {
                    $group_matches++;
                }
            }

            if($group_matches <= 0)
            {
                Response(403, "Não Autorizado "," Não é permitido usar esta ferramenta, você não está em um grupo permitido.");
            }
config.php

PHP:
$allowed_groups = array(209,217,218,219,220,221,222,223,118,123,170,124,125,172);
 
Joined
Oct 1, 2017
Messages
141
Likes
42
Points
44
Age
20
Location
Brasil
#3
full code

PHP:
<?PHP
require_once('libs/TeamSpeak3/TeamSpeak3.php');
require_once('config.php');
require_once('libs/recaptcha/src/autoload.php');
require_once('libs/chadd.php');
date_default_timezone_set('America/Sao_Paulo');
$type = @$_GET["type"];
     date_default_timezone_set('America/Sao_Paulo');

function Response($code, $header, $msg) {
    $resp = array(
        "code" => $code,
        "header" => $header,
        "msg" => $msg,
    );
    $data = json_encode($resp);
    echo $data;
    exit;
}

switch($type) {

case 0:

$request = json_decode(file_get_contents("php://input"));


$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$resp = $recaptcha->verify($request->captcha_resp, $_SERVER['REMOTE_ADDR']);

if($resp->isSuccess()) {

     if($chadd->CheckCookie())
     {
         Response(406, "Erro :(", "Você não pode criar um canal novamente.");
     }

     //REPLACE bad words
    $request->channelname = $chadd->ReplaceBadString($badwords, $request->channelname);

    if($chadd->CheckStringIP($request->channelname))
    {
        Response(403, "Erro :(", "No nome do seu canal não há endereço ou domínio IP permitido.");
    }

    if($chadd->CheckStringDomain($request->channelname))
    {
        Response(403, "Erro :(", "No nome do seu canal não há endereço ou domínio IP permitido.");
    }

    if($request->quality < 1 || $request->quality > 10)
    {
        $request->quality = 7;
    }

    switch ($request->codec)
    {
                        case 1:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
                        break;

                        case 2:
                        define("TS3_CODEC", TeamSpeak3::CODEC_CELT_MONO);
                        break;

                        case 3:
                        define("TS3_CODEC", TeamSpeak3::CODEC_SPEEX_ULTRAWIDEBAND);
                        break;

                        default:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
    }

    try {

            $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
            $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
           

            $client = $ts3_VirtualServer->clientGetByUid($request->uuid);
            $groups = $client["client_servergroups"];
            $group_matches = 0;

            foreach($allowed_groups as $g)
            {
                    $client_nickname = $client->client_nickname;
                    $channelname = $request->channelname;
                    $unixTime = time();
                    $realTime = date('[d-m-Y]-[H:i]',$unixTime);
                if(in_array($g, $allowed_groups))
                {
                    $group_matches++;
                }
            }

            if($group_matches <= 0)
            {
                Response(403, "Não Autorizado "," Não é permitido usar esta ferramenta, você não está em um grupo permitido.");
            }

            $cid = $ts3_VirtualServer->channelCreate(array(
            "channel_name" => $request->channelname,
            "channel_password" => $request->password,
            "channel_topic" => $channel_topic,
            "channel_codec" => TS3_CODEC,
            "channel_codec_quality" => $request->quality,
            "channel_flag_permanent" => FALSE,
            "cpid"                  => $cpid,
            "channel_description" => '[center][b][u]'.$channelname.'[/u][/b][/center][hr][b][list][*]Data e hora que foi criado: '.$realTime.'[*]Criador: ' . $client_nickname . '[/list][/b] [COLOR=#ff0000][B][u]ATENÇÃO:[/u][/B]
Participando do TS você concorda com as [url=http://esbsb.com.br/rules.php]regras[/url] aqui contidas, cuja leitura é de responsabilidade do usuário. Dizer que não conhece as regras não é desculpa para justificar atos que as descumpram. As punições para a violação de regras citadas abaixo variam de temporárias a permanente, portanto pense duas vezes antes de descumpri-las.[/COLOR]


[size=12][COLOR=#00aaff][B]INFORMAÇÕES SOBRE A ABA DE SALAS REGISTRADAS[/B][/COLOR][/size]
A ESBSB é um servidor voltado para o público gamer, de modo que estamos sempre apoiando e prestando serviço aos streamers e parceiros em troca de divulgação.

[B][COLOR=#00aaff]PARA O PROCESSO DE CRIAÇÃO DE UMA SALA É NECESSÁRIO SEGUIR ALGUNS REQUISITOS[/COLOR][/B][list]
[*]É necessário que o canal esteja ativo.
[*]Ter 5 membros, inclusive a presença constante do líder.[/list]
[B][COLOR=#00aaff]AS REGRAS[/COLOR][/B][list]
[*]É obrigatória a divulgação do nosso servidor e em troca, também divulgaremos o seu trabalho seja no servidor e na page do Facebook.
[*]Caso não haja a presença constante do Parceiro durante 10 dias sem aviso prévio, a sala será excluída.
[*]A staff não se responsabilizará por conflitos internos, apenas aos problemas que envolvem a quebra de regras e combinados do servidor.[/list]
[B][COLOR=#00aaff]OS DIREITOS[/COLOR][/B][list]
[*]O Parceiro receberá um ícone exclusivo de Streamer/Yotuber que lhe dará permissões de mudar senhas e nomes de salas e também de mover pessoas.
[*]Nós seguimos padrões de quantidade de salas por Canal, portanto todos só terão direito a 3 salas. Caso seu canal esteja constantemente cheio sera liberada a criação de mais salas.
[*]O seu canal também terá o direito de ter um ícone personalizado se possuir 8 membros ou mais ativos.[/list]

[hr][right][B]Qualquer dúvida, solicite ajuda a um moderador ou administrador.[/right]',
            "channel_flag_semi_permanent" => TRUE
            ));

            //log cid with IP (abuse)
            $usr_ip = $_SERVER['REMOTE_ADDR'];
            $ts3_VirtualServer->logAdd("Channel $cid created from IP:$usr_ip", TeamSpeak3::LOGLEVEL_INFO);

       
            $token = $ts3_VirtualServer->privilegeKeyCreate(0x01, "$chadmin_group_id"  ,"$cid", "TOKEN criado pelo web-criador.");
            $client->move($cid);
            $client->setChannelGroup($cid, $chadmin_group_id);

            $chadd->SetCookie();


            $resp = array(
                    "code" => 1,
                    "header" => "Tudo certo! :)",
                    "token" => (string)$token,
                   
                    "url" => "$server_conn_url?port=$ts3_s_port&cid=$cid&channelpassword=$request->password",
            );


            $json = json_encode($resp);
            echo $json;
            exit;

            }

            catch (TeamSpeak3_Exception $e) {
                    Response(500, "TS3-Erro: "+ $e->getCode(), $e->getMessage());
            }


} else {
     $errors = $resp->getErrorCodes();
     if(count($errors) >= 1)
     {
         Response(403, "Erro :(", $errors[0]);
     }
}

break;

case 1:

try {
         $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
         $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
         $clients = $ts3_VirtualServer->clientList(array('connection_client_ip' => $_SERVER["REMOTE_ADDR"]));

         $matches = count($clients);
         if($matches > 1 || $matches <= 0)
         {
             Response(404, "Cliente não encontrado. "," Não foi possível determinar o seu ID exclusivo. Insira o seu ID exclusivo.");
         }

         if($matches == 1)
         {
             foreach($clients as $c)
             {

             if(count($c->getClones()) > 1)
             {
                 Response(404, "Cliente não encontrado. "," Não foi possível determinar o seu ID exclusivo. Insira o seu ID exclusivo.");
             }

             $resp = array(
                 "code" => 200,
                 "header" => "Autenticado!",
                 "uuid" => (string)$c["client_unique_identifier"],
                 "name" => (string)$c["client_nickname"],
             );

             $json = json_encode($resp);
             echo $json;
             exit;

            }
        }
   
}
catch (TeamSpeak3_Exception $e) {
          Response(500, "TS3-Erro: "+ $e->getCode(), $e->getMessage());
}

break;

}
?>
---- Automatically Merged Double Post ----

You do not have permission to view link Log in or register now.
full
 
Last edited:

kalle

high minded
Member of the Month
Contributor
Joined
Oct 28, 2015
Messages
312
Likes
157
Points
118
Age
23
Location
Bosnia and Herzegovina
#4
I didnt tested this, but I think that problem lay here.
$request = json_decode(file_get_contents("php://input"));
Try to var_dump($request); to see if this gives anything.
If problem is in this, use $_POST for form.
 
Joined
Oct 1, 2017
Messages
141
Likes
42
Points
44
Age
20
Location
Brasil
#5
I didnt tested this, but I think that problem lay here.
$request = json_decode(file_get_contents("php://input"));
Try to var_dump($request); to see if this gives anything.
If problem is in this, use $_POST for form.
It did not work, the script does not open changing for this
 
Joined
Oct 1, 2017
Messages
141
Likes
42
Points
44
Age
20
Location
Brasil
#7
Thanks, I would also like to understand how you fixed it if you can explain when to find the error and fix
 
Joined
May 8, 2016
Messages
79
Likes
69
Points
54
Location
Germany
#8
Code:
            foreach($allowed_groups as $g)
            {
                    [....]
                if(in_array($g, $allowed_groups))
                {
                    $group_matches++;
                }
            }
That loop doesn't make any sense. Your condition (in_array) should be always true, cause you are looping the same array!

This should do exactly the same, like yours but is less code :)
Code:
 foreach($allowed_groups as $g)
 {
     $group_matches++;
 }
 
Joined
Oct 1, 2017
Messages
141
Likes
42
Points
44
Age
20
Location
Brasil
#9
That loop doesn't make any sense. Your condition (in_array) should be always true, cause you are looping the same array!

This should do exactly the same, like yours but is less code :)
Code:
 foreach($allowed_groups as $g)
{
     $group_matches++;
}
still does not work, it ignores members that do not have the groups selected
 
Joined
May 8, 2016
Messages
79
Likes
69
Points
54
Location
Germany
#10
I think you need to change the code like this.. that would makes more sense

Code:
            foreach($allowed_groups as $g)
            {
                if(isset($groups[$g]))
                {
                    $group_matches++;
                    //saving variables only, when matches $groups with $allowed_groups
                    $client_nickname = $client->client_nickname;
                    $channelname = $request->channelname;
                    $unixTime = time();
                    $realTime = date('[d-m-Y]-[H:i]',$unixTime);
                    break;
                }
            }
 
Joined
Oct 1, 2017
Messages
141
Likes
42
Points
44
Age
20
Location
Brasil
#11
now, the script ignore all groups, same members using the selected groups
fck

---- Automatically Merged Double Post ----

This is leaving me with a headache.
:mad:
 
Last edited:
Joined
May 8, 2016
Messages
79
Likes
69
Points
54
Location
Germany
#12
When I understood it right, you have a string $allowed_groups which are that groups, which are allowed to create the channel.

So you have two cases:
1) the user contains a group, which is defined in $allowed_groups -> here the script should create a channel
2) the user has no of the defined groups in $allowed_groups -> here the script should decline the channel

I understood it correct?

Have you tested both scenarios? Please describe what happened in both cases.
 
Joined
Oct 1, 2017
Messages
141
Likes
42
Points
44
Age
20
Location
Brasil
#13
This is leaving me with a headache.
When I understood it right, you have a string $allowed_groups which are that groups, which are allowed to create the channel.

So you have two cases:
1) the user contains a group, which is defined in $allowed_groups -> here the script should create a channel
2) the user has no of the defined groups in $allowed_groups -> here the script should decline the channel

I understood it correct?

Have you tested both scenarios? Please describe what happened in both cases.
Right, that has to happen. members with the selected groups yet to be created and those who do not have the groups can not
 
Joined
Oct 1, 2017
Messages
141
Likes
42
Points
44
Age
20
Location
Brasil
#15
even though I use the selected group in $ allowed_groups I still can not create the channels, of the error that I do not have the allowed group

and without even a group happens the same, I still can not create the channels, but this is right. without the group can not create, but even with the group still gives the error
 
Joined
May 8, 2016
Messages
79
Likes
69
Points
54
Location
Germany
#16
ok, then we know it doesn't match the $groups with $allowed_groups.. cause we know what is in $allowed_groups, it should be a problem with $groups. This you got from the teamspeak query / framework.

You should var_dump the $client variable and the $groups variable and show us the output here.
 

kalle

high minded
Member of the Month
Contributor
Joined
Oct 28, 2015
Messages
312
Likes
157
Points
118
Age
23
Location
Bosnia and Herzegovina
#17
Person who made this clearly doesnt know that returned groups are type string and its needed to convert it to array to check whats need to be checked.
This code works with groups, but what you requested in chat is not possible with channel create, instead use
You do not have permission to view link Log in or register now.
.

PHP:
<?PHP
require_once('libs/TeamSpeak3/TeamSpeak3.php');
require_once('config.php');
require_once('libs/recaptcha/src/autoload.php');
require_once('libs/chadd.php');

$type = @$_GET["type"];

function Response($code, $header, $msg) {
    $resp = array(
        "code" => $code,
        "header" => $header,
        "msg" => $msg,
    );
    $data = json_encode($resp);
    echo $data;
    exit;
}

switch($type) {

case 0:

$request = json_decode(file_get_contents("php://input"));


$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$resp = $recaptcha->verify($request->captcha_resp, $_SERVER['REMOTE_ADDR']);

if($resp->isSuccess()) {

     if($chadd->CheckCookie())
     {
         Response(406, "Error :(", "You can't create a channel again.");
     }

     //REPLACE bad words
    $request->channelname = $chadd->ReplaceBadString($badwords, $request->channelname);

    if($chadd->CheckStringIP($request->channelname))
    {
        Response(403, "Error :(", "In your Channel Name is no IP Adress or Domain allowed.");
    }

    if($chadd->CheckStringDomain($request->channelname))
    {
        Response(403, "Error :(", "In your Channel Name is no IP Adress or Domain allowed.");
    }

    if($request->quality < 1 || $request->quality > 10)
    {
        $request->quality = 7;
    }

    switch ($request->codec)
    {
                        case 1:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
                        break;

                        case 2:
                        define("TS3_CODEC", TeamSpeak3::CODEC_CELT_MONO);
                        break;

                        case 3:
                        define("TS3_CODEC", TeamSpeak3::CODEC_SPEEX_ULTRAWIDEBAND);
                        break;

                        default:
                        define("TS3_CODEC", TeamSpeak3::CODEC_OPUS_VOICE);
    }

    try {

            $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
            $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));

            $client = $ts3_VirtualServer->clientGetByUid($request->uuid);
            $groups = $client["client_servergroups"];
            $groups = explode(',', $groups);
            $group_matches = 0;


            foreach($allowed_groups as $g)
            {
                if(in_array($g, $groups))
                {
                    $group_matches++;
                }
            }

            if($group_matches <= 0)
            {
                Response(403, "Not Authorized", "Not allowed to use this tool, you are not in a whitelisted group.");
            }
            //"[cspacer".rand(1,10000)."] ━━━━━━━◥◣◆◢◤━━━━━━"
            $cid = $ts3_VirtualServer->channelCreate(array(
            "channel_name" => $request->channelname,
            "channel_password" => $request->password,
            "channel_topic" => $channel_topic,
            "channel_codec" => TS3_CODEC,
            "channel_codec_quality" => $request->quality,
            "channel_flag_permanent" => FALSE,
            "cpid"                  => $cpid,
            "channel_description" => $channel_description,
            "channel_flag_semi_permanent" => TRUE
            ));

            //log cid with IP (abuse)
            $usr_ip = $_SERVER['REMOTE_ADDR'];
            $ts3_VirtualServer->logAdd("Channel $cid created from IP:$usr_ip", TeamSpeak3::LOGLEVEL_INFO);

        
            $token = $ts3_VirtualServer->privilegeKeyCreate(0x01, "$chadmin_group_id"  ,"$cid", "TOKEN created from CHADD.");

            $chadd->SetCookie();


            $resp = array(
                    "code" => 1,
                    "header" => "All fine! :)",
                    "token" => (string)$token,
                    "url" => "$server_conn_url?port=$ts3_s_port&cid=$cid&channelpassword=$request->password&token=$token",
            );


            $json = json_encode($resp);
            echo $json;
            exit;

            }

            catch (TeamSpeak3_Exception $e) {
                    Response(500, "TS3-Error: "+ $e->getCode(), $e->getMessage());
            }


} else {
     $errors = $resp->getErrorCodes();
     if(count($errors) >= 1)
     {
         Response(403, "Error :(", $errors[0]);
     }
}

break;

case 1:

try {
         $ts3_VirtualServer = TeamSpeak3::factory("serverquery://$ts3_username:[email protected]$ts3_host:$ts3_q_port/?server_port=$ts3_s_port");
         $ts3_VirtualServer->selfUpdate(array('client_nickname'=> $ts3_nick));
         $clients = $ts3_VirtualServer->clientList(array('connection_client_ip' => $_SERVER["REMOTE_ADDR"]));

         $matches = count($clients);
         if($matches > 1 || $matches <= 0)
         {
             Response(404, "Client not found.", "Could not determine your Unique ID. Enter your Unique ID.");
         }

         if($matches == 1)
         {
             foreach($clients as $c)
             {

             if(count($c->getClones()) > 1)
             {
                 Response(404, "Client not found.", "Could not determine your Unique ID. Enter your Unique ID.");
             }

             $resp = array(
                 "code" => 200,
                 "header" => "Authenticated",
                 "uuid" => (string)$c["client_unique_identifier"],
                 "name" => (string)$c["client_nickname"],
             );

             $json = json_encode($resp);
             echo $json;
             exit;

            }
        }
    
}
catch (TeamSpeak3_Exception $e) {
          Response(500, "TS3-Error: "+ $e->getCode(), $e->getMessage());
}

break;

}
?>
 
Joined
Oct 1, 2017
Messages
141
Likes
42
Points
44
Age
20
Location
Brasil
#18
Thank you very much, thank you ;)

on the channels I did it

PHP:
$ numbers = mt_rand (10, 9999);
//
"channel_name" => "[cspacer"]. $ numbers. "] ━━━━━━━━━━◥◣ ◆ ◢◤━━━━━━━━━",
 

Top